Quishing attacks, utilizing QR codes, have seen a significant increase, with cybercriminals targeting individuals and organizations through evolving tactics and techniques.
Russia, China, and Iran identified as primary actors behind malicious cyber campaigns using fake online accounts, generative AI, deepfakes, and hack-and-leak attacks to undermine US democratic institutions.
TA427, also known as Emerald Sleet, APT43, THALLIUM, or Kimsuky, is targeting foreign policy experts with email phishing campaigns using social engineering tactics and web beacons to gather intelligence on US and South Korean foreign policies.
Ivanti has issued a security advisory for its Avalanche mobile device management (MDM) product, urging users to update to the latest version, Avalanche 643, to address critical vulnerabilities, including heap overflow bugs that could potentially allow arbitrary command execution.
Researchers at WithSecure have identified a new backdoor malware named Kapeka, believed to be associated with the Russian nation-state group Sandworm, targeting organizations in Ukraine and Eastern Europe since mid-2022.
The Open Source Security Foundation has teamed up with key US cyber agencies to introduce Protobom, a new open-source project aimed at simplifying the management of Software Bill of Materials for organizations.
