Microsoft has revealed that the Chinese threat actor Storm-0940, associated with the CovertNetwork-1658 botnet, is conducting sophisticated cyberattacks targeting its customers through compromised SOHO routers.
The 2024 ISC2 Cybersecurity Workforce Study reveals a stagnation in the global cybersecurity job market, with economic constraints leading to staffing shortages and skills gaps, while professionals increasingly view artificial intelligence as a key opportunity for enhancing security and career growth.
The Xiu Gou phishing kit, developed by cybercriminals, has been actively targeting individuals in the public sector, postal services, digital services, and banking in the US, UK, Spain, Australia, and Japan since September 2024, utilizing advanced technology and sophisticated tactics to evade detection.
LightSpy, a sophisticated iOS spyware linked to a suspected state-sponsored group, exploits vulnerabilities in iOS and macOS systems to collect sensitive data and introduce destructive functions, posing a significant threat to Apple device users.
A security breach on October 30th, 2024, involved the npm package @lottiefiles/lottie-player, targeting versions 205, 206, and 207 to inject malicious code that exploited cryptocurrency wallets.
EmeraldWhale, a global threat actor, has stolen over 15,000 cloud account credentials by exploiting misconfigured Git configuration files in a campaign that targeted approximately 67,000 URLs.
