Less than a week after releasing Chrome 128 to the stable channel, Google warns that another bug resolved with the update is being exploited in the wild.  The issue tracked as CVE-2024-7965 (CVSS score of 8.8) is described by Google as an inappropriate implementation in the V8 JavaScript engine that allows a remote attacker to exploit heap corruption via crafted HTML pages.  Google noted that if the victim visits a compromised or malicious web page, the vulnerability could allow the attacker to execute code or access sensitive information.

California-based Patelco Credit Union has recently started informing customers and employees about a data breach after a ransomware group managed to steal information from databases containing personal information from its systems. Patelco is a member-owned, non-profit credit union serving Northern California, particularly the San Francisco Bay Area. The organization detected a ransomware attack involving unauthorized access to its databases on June 29. An investigation revealed that the hackers accessed its systems between May 23 and June 29.

The Seattle-Tacoma International Airport has confirmed that a cyberattack is likely behind the ongoing IT systems outage that disrupted reservation check-in systems and delayed flights over the weekend.  In 2023, the airport served almost 51 million passengers. The airport is a major hub for Alaska Airlines and Delta Air Line, serving 91 domestic and 28 international destinations.

A long-running group has allegedly been helping cybercriminals penetrate Information Technology (IT) systems with CAPTCHA-solving services. Arkose Cyber Threat Intelligence Research (ACTIR) identified "Greasy Opal," a cyberattack-enabling business. Greasy Opal, based in the Czech Republic, has stealthily been in operation since 2009. The group sells different products and solutions ranging from legitimate productivity solutions to more controversial tools, such as Search Engine Optimization (SEO)-boosting software, CAPTCHA-solving services, browser automation services, and more.

To combat Living Off the Land (LOTL) techniques used by Advanced Persistent Threat (APT) actors, the National Security Agency (NSA), along with international partners, has released a best practice guide for event logging. The publication outlines best practices for event logging and threat detection in cloud services, enterprise networks, mobile devices, and Operational Technology (OT) networks to ensure critical system availability. The guide is for senior Information Technology (IT) and OT decision-makers, as well as network administrators and critical infrastructure providers.

Since 2022, a stealthy Linux malware called "sedexp" has evaded detection using a persistence technique not yet included in the MITRE ATT&CK framework. The malware, which was discovered by researchers at the risk management company Stroz Friedberg, allows its operators to create reverse shells for remote access and further the attack. At this time, the researchers point out MITRE ATT&CK has not documented the persistence technique used, emphasizing that sedexp is an advanced threat hiding in plain sight.

Meta Platforms has announced that the same Iranian hacking group believed to have recently targeted both the Democratic and Republican presidential campaigns tried to compromise the WhatsApp accounts of staffers in the administrations of President Joe Biden and former President Donald Trump. Meta discovered the network of hackers who posed as tech support agents for AOL, Microsoft, Yahoo, and Google after suspicious WhatsApp messages were reported. Meta investigators connected the activity to the network blamed for Trump's recent campaign hacking.

The national association for amateur radio American Radio Relay League (ARRL) recently revealed that it paid out a $1 million ransom after a disruptive May 2024 ransomware attack.  The attack occurred on May 15 and resulted in multiple systems within ARRL’s internal network being encrypted, including desktops, laptops, and Windows and Linux servers.

Texas Dow Employees Credit Union (TDECU) started notifying over 500,000 individuals that their personal information was compromised in the MOVEit campaign last year.  Conducted by the Russian-speaking Cl0p ransomware group, the hack came to light on May 31, 2023, when Progress Software warned that hackers had exploited a zero-day in the MOVEit Transfer managed file transfer (MFT) software, tracked as CVE-2023-34362, to access customer data.

MIT researchers have proposed a way to make a smaller, more noise-tolerant quantum factoring circuit for cryptography. Quantum computers are expected to quickly break complex cryptographic systems that classical computers cannot, a promise based on a quantum factoring algorithm proposed by MIT professor Peter Shor in 1994. Although researchers have made progress in the last 30 years, they have yet to build a quantum computer that is powerful enough to run Shor's algorithm.