"North Korean Hackers Update BeaverTail Malware to Target MacOS Users"

Researchers have discovered an updated variant of "BeaverTail" stealer malware used by attackers affiliated with the Democratic People's Republic of Korea (DPRK). According to security researcher Patrick Wardle, an Apple macOS disk image (DMG) file named "MiroTalk.dmg" mimics the legitimate video call service of the same name but delivers a native version of "BeaverTail." BeaverTail is a JavaScript stealer malware first documented by Palo Alto Networks Unit 42 in November 2023 as part of the "Contagious Interview" campaign.

Submitted by Gregory Rigby on

"Iraq-Based Cybercriminals Deploy Malicious Python Packages to Steal Data"

Researchers believe cybercriminals in Iraq secretly posted malicious Python code to the popular PyPI repository. According to a report by the cybersecurity company Checkmarx, the cybercriminals used the malware to exfiltrate sensitive user data to a Telegram chatbot connected to multiple cybercriminal operations in Iraq. This article continues to discuss Iraq-based cybercriminals' deployment of malicious Python packages to steal data.

Submitted by Gregory Rigby on

"Atlassian Patches High-Severity Vulnerabilities in Bamboo, Confluence, Jira"

Atlassian has released security updates to address several critical vulnerabilities in its Bamboo, Confluence, and Jira products. The software vendor called attention to the Bamboo Data Center and Server updates, which resolve two high-severity bugs, including one impacting the UriComponentsBuilder dependency. The flaw enables an unauthenticated attacker to execute a Server-Side Request Forgery (SSRF) attack. This article continues to discuss the high-severity vulnerabilities recently patched in Atlassian's Bamboo, Confluence, and Jira products.

Submitted by Gregory Rigby on

"Qilin Ransomware's Sophisticated Tactics Unveiled By Experts"

Researchers have revealed more about the "Qilin" ransomware group, which recently demanded $50 million from the healthcare sector. Synnovis, a pathology services provider, was attacked earlier this month, affecting several NHS hospitals in London. Starting in February 2023, Qilin has been offering Ransomware-as-a-Service (RaaS) on underground forums. Qilin moved from Go-based "Agenda" ransomware to Rust, marking a move toward more robust and efficient malware. The group has compromised more than 150 organizations in 25 countries, affecting many industries.

Submitted by Gregory Rigby on

"Microsoft Links Scattered Spider Hackers to Qilin Ransomware Attacks"

According to Microsoft, the "Scattered Spider" cybercrime gang has added "Qilin" ransomware to its arsenal. The Qilin ransomware operation that Scattered Spider just joined emerged in August 2022 under the name "Agenda," but was rebranded as Qilin just one month later. The Qilin gang has hit about 130 companies, based on its dark web leak site. This article continues to discuss Scattered Spider hackers' use of Qilin ransomware.

Submitted by Gregory Rigby on

"Global Police Swoop on Black Axe Cybercrime Syndicate"

Interpol has defeated several West African cybercriminal groups, including the "Black Axe" syndicate. "Operation Jackal III" took place from April 10 to July 3 in 21 countries on five continents, resulting in 300 arrests and $3m in asset seizures. Police blocked over 720 bank accounts and identified 400 suspects. Black Axe may have operated for decades. It has made a lot of money in romance fraud, Business Email Compromise (BEC), and other financial crimes. This article continues to discuss the success of Operation Jackal III.

Submitted by Gregory Rigby on

"Apache HugeGraph Vulnerability Exploited in Wild"

Attackers are exploiting a patched Apache HugeGraph vulnerability. Apache HugeGraph is an open source graph database system used to build applications based on graph databases. Its developers disclosed a flaw in HugeGraph-Server in April that enables remote command execution. The vulnerability was patched with the release of version 1.3.0. However, the Shadowserver Foundation reported attempts to exploit the flaw in the wild, with attacks originating from eight IP addresses. This article continues to discuss the exploitation of a recently patched Apache HugeGraph vulnerability.

Submitted by Gregory Rigby on

"Chrome 126 Updates Patch High-Severity Vulnerabilities"

Google recently announced security updates for Chrome 126 that address ten vulnerabilities, including eight high-severity bugs reported by external researchers. Google noted that the new Chrome 126 release resolves an inappropriate implementation flaw in V8, a type confusion in V8, use-after-free bugs in Screen Capture, Media Stream, Audio, and Navigation, a race condition in DevTools, and an out-of-bounds memory access in V8. Google says it paid out $10,000 and $7,000 bug bounty rewards for the inappropriate implementation and type confusion vulnerabilities in V8.

Submitted by Adam Ekwall on

League of Women Voters of Carroll County Event: Featuring Queens of Code Talk

"Our event commemorates America’s passage of the 19th Constitutional Amendment granting women the right to vote. The League of Women voters has been nonpartisan since its founding in 1920, so the event is titled Celebrating Women’s Equality Day - A Nonpartisan Gathering.

"MNGI Digestive Health Data Breach Impacts 765,000 Individuals"

MNGI Digestive Health has started notifying over 765,000 individuals that their personal information was compromised in an August 2023 data breach. The incident occurred on August 20, 2023, but it took MNGI almost one year to determine that personal and protected health information was accessed. MNGI says that the potentially compromised information includes names, dates of birth, Social Security numbers, driver’s licenses and state ID numbers, passport numbers, biometric data, health insurance information, and medical information.

Submitted by Adam Ekwall on