The UK AI Safety Institute has rebranded as the UK AI Security Institute to focus on mitigating national security risks associated with AI technologies, including criminal misuse and cybersecurity threats.
Multiple Russian nation-state actors, including the group Storm-2372, are conducting a sophisticated spear-phishing campaign that exploits device code authentication to gain unauthorized access to Microsoft 365 accounts, posing a significant threat to global critical infrastructure.
The Lazarus Group’s Operation Marstech Mayhem employs sophisticated malware to compromise software and Web3 developers, posing significant risks to global software ecosystems and potentially funding North Korean government activities.
Astaroth is a sophisticated phishing kit that effectively circumvents two-factor authentication by using advanced techniques to capture sensitive information from various authentication services.
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a Secure by Design Alert highlighting the significant security risks posed by buffer overflow vulnerabilities, which are frequently exploited by cyber actors, including those from China, in major software products from vendors like Microsoft, VMware, and Ivanti.
The Russian state-sponsored cyber group Seashell Blizzard, also known as APT44, has intensified its cyber-espionage and attacks on critical infrastructure globally, leveraging vulnerabilities in various systems to maintain persistent access and execute large-scale compromises.
