"NJIT PhD Researcher Develops Secure Code Generation System, Achieves Early Conference Acceptance"

Security vulnerabilities are a major issue in Artificial Intelligence (AI)-powered code generation. Therefore, Khiem Ton, a Ph.D. student, and his colleagues at the New Jersey Institute of Technology (NJIT) developed "SGCode," a system that uses advanced AI and security analysis tools to detect and fix security flaws during code creation. SGCode includes Large Language Models (LLMs) such as GPT-4, a graph-based Generative Adversarial Network (gGAN), and security analysis tools. The flexible system lets users switch between code security optimization methods.

Submitted by Gregory Rigby on

"Cloudflare Blocks Largest Recorded DDoS Attack Peaking at 3.8Tbps"

In a Distributed Denial-of-Service (DDoS) campaign aimed at financial services, Internet, and telecommunications companies, volumetric attacks peaked at 3.8 terabits per second (Tbps), the largest publicly recorded. The campaign involved over 100 hyper-volumetric DDoS attacks that flooded network infrastructure with garbage data. A volumetric DDoS attack overwhelms the target with large amounts of data, consuming bandwidth or exhausting the resources of applications and devices, denying legitimate users access.

Submitted by Gregory Rigby on

"NSA joins Australian Signals Directorate and Others in Promoting Six Principles of Operational Technology (OT) Cybersecurity"

The National Security Agency (NSA), together with the Australian Signals Directorate's Australian Cyber Security Centre (ASD ACSC) and others, released a new Cybersecurity Information Sheet (CSI) titled "Principles of Operational Technology Cyber Security." The CSI delves into six principles for creating and maintaining a safe, secure critical infrastructure Operational Technology (OT) environment. The guidance aims to help improve cybersecurity methods for protecting water, energy, transportation, and more. This article continues to discuss the new CSI on OT cybersecurity.

Submitted by Gregory Rigby on

"Fake Browser Updates Spread Updated WarmCookie Malware"

The new "FakeUpdate" campaign targeting users in France involves compromised websites that display fake browser and app updates, which deliver a new version of the WarmCookie backdoor. The threat group "SocGholish" compromises or creates fake websites to display fake update prompts for web browsers, Java, VMware Workstation, WebEx, and Proton VPN. If a user clicks on the legitimate-looking update prompts, a fake update is downloaded that drops cryptocurrency drainers, ransomware, and more. This article continues to discuss the FakeUpdate campaign.

Submitted by Gregory Rigby on

Securing New Ground

"Once a year, the security industry's brightest minds, biggest players and most driven entrepreneurs come together for information sharing, top-level networking and security industry business analysis. At Securing New Ground trends are spotted, connections are formed and minds are opened. Join us!"

"Sellafield Fined for Cybersecurity Failures at Nuclear Site"

Sellafield Ltd was recently fined $437,440 for cybersecurity failings in running the Sellafield nuclear facility in Cumbria, North-West England. The fine was issued by Westminster Magistrates Court. Sellafield Ltd has also been ordered to pay prosecution costs of $70,060. The charges relate to Sellafield's management of the security around its information technology systems between 2019 and 2023 and breaches of the Nuclear Industries Security Regulations 2003.

Submitted by Adam Ekwall on

"New MedusaLocker Ransomware Variant Deployed by Threat Actor"

According to security researchers at Cisco Talos, a financially motivated threat actor has been observed targeting organizations globally with a MedusaLocker ransomware variant. Known as "BabyLockerKZ," the variant has been around since at least late 2023, and this is the first time it has been specifically called out as a MedusaLocker variant. The researchers noted that this variant uses the same chat and leak site URLs as the original MedusaLocker ransomware.

Submitted by Adam Ekwall on

"LockBit Ransomware and Evil Corp Members Arrested and Sanctioned in Joint Global Effort"

New international law enforcement actions have resulted in four arrests and the takedown of nine servers linked to the "LockBit" ransomware operation. According to Europol, the arrests included a suspected LockBit developer in France, two people in the UK believed to have supported an affiliate, and an administrator of a bulletproof hosting service in Spain used by the LockBit ransomware group. Authorities unmasked a Russian national named Aleksandr Ryzhenkov as one of the high-ranking Evil Corp cybercrime group members while also outing him as a LockBit affiliate.

Submitted by Gregory Rigby on

"Private US Companies Targeted by Stonefly APT"

Symantec threat analysts warn that the North Korean Advanced Persistent Threat (APT) group "Stonefly," also known as "APT45," continues to target US companies despite an indictment. Stonefly is linked to the Reconnaissance General Bureau (RGB), a North Korean military intelligence agency. Mandiant's threat analysts previously noted that APT45 relies on publicly available tools such as "3PROXY," malware modified from publicly available malware, and custom malware families. This article continues to discuss key findings regarding Stonefly.

Submitted by Gregory Rigby on