Researchers have found that clickable website links often lead to malicious destinations. Millions of "hijackable hyperlinks" have been found across the web, including on trusted websites. At the 2024 Web Conference, their paper showed that web cybersecurity threats can be exploited much more widely than previously thought. They found hijackable hyperlinks on websites belonging to large organizations, religious organizations, financial companies, and governments. These websites' hyperlinks can be hijacked without warning.

The critical "BlastRADIUS" vulnerability in the RADIUS protocol exposes most networking equipment to Man-in-the-Middle (MitM) attacks. The vulnerability is hard to exploit, but an exploit could have serious consequences. BlastRADIUS lets attackers exploit certain RADIUS packets. The RADIUS protocol enables certain Access-Request messages to have no integrity or authentication checks. Therefore, an attacker can modify these packets without being detected. They could force any user to authenticate and give authorization to that user.

According to the antivirus provider Avast, law enforcement organizations have been sharing decryptor keys with victims of the "DoNex" ransomware since March 2024. The Avast Threat Research Team recently noted that it had silently distributed the decryptor to DoNex ransomware victims after discovering a flaw in the cryptographic schema of the malware and predecessors. This article continues to discuss the DoNex ransomware and the release a decryptor to victims of this ransomware.

Researchers have found that attackers can perform cryptocurrency mining using improperly configured Jenkins Script Console instances. Trend Micro warned that improperly set up authentication mechanisms expose the '/script' endpoint to attackers, making Remote Code Execution (RCE) possible. Jenkins is a widely used Continuous Integration and Continuous Delivery (CI/CD) platform with a Groovy script console that enables users to run arbitrary Groovy scripts in the Jenkins controller runtime.

Attackers are exploiting a Remote Code Execution (RCE) vulnerability in a Linux-wide Ghostscript document conversion toolkit. Ghostscript is pre-installed on many Linux distributions and is used by ImageMagick, LibreOffice, GIMP, Inkscape, Scribus, and the CUPS printing. All Ghostscript 10.03.0 and earlier installations are vulnerable to this format string flaw. Unpatched Ghostscript versions fail to prevent changes to uniprint device argument strings after the sandbox is activated, allowing attackers to escape the default -dSAFER sandbox.

A new cyber espionage actor, tracked as "CloudSorcerer," is targeting government organizations in the Russian Federation with sophisticated malware that can adapt its behavior based on the execution environment. The Advanced Persistent Threat (APT) group uses an operational style similar to that of "CloudWizard," another APT discovered last year that also targets Russian entities. This article continues to discuss findings regarding CloudSorcerer's cyber espionage campaign.

The Ethereum Foundation's account on a mailing list platform was hacked to send email phishing lures to about 35,794 addresses. Phishing emails from a legitimate email address promoted a Lido scam and linked to a malicious website that drained visitors' wallets. According to the Ethereum Foundation, this website had a cryptocurrency drainer running in the background that would drain a user's wallet if they signed the transaction requested by the website. This article continues to discuss the hacking of the Ethereum Foundation's account on a mailing list platform.

The ransomware group known as RansomHub recently leaked data allegedly stolen from the Florida Department of Health.  RansomHub added the agency to its Tor-based leak site on July 2, claiming to have stolen over 100 gigabytes of data from its network, including personally identifiable information (PII) and protected health information (PHI).

A threat actor, "Sp1d3rHunters," continued their extortion campaign against Ticketmaster on Monday by claiming to leak over 30,000 print-at-home tickets stolen from the vendor.  The threat actor advertised the data dump on an underground forum alongside a four-step guide for users to make their own printable barcode tickets.  They claimed to have tickets for gigs by Stevie Nicks, Pearl Jam, Foo Fighters, Red Hot Chili Peppers, and many more artists.  The threat actor warned Ticketmaster that they now have to reset 30K more tickets.

"Eldorado," a new Ransomware-as-a-Service (RaaS), encrypts Windows and Linux files with locker variants. According to Group-IB, Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP. Researchers said the Eldorado ransomware uses Golang for cross-platform capabilities, Chacha20 for file encryption, and RSA-OAEP for key encryption. This article continues to discuss findings regarding the Eldorado RaaS.