North Korean state-sponsored group BlueNoroff, a subgroup of the Lazarus Group, has launched a new malware campaign called "Hidden Risk," targeting cryptocurrency and DeFi businesses. SentinelLabs researchers found that the campaign, active since July 2024, employs phishing emails and PDF-based lures with fake crypto news headlines to trick victims into clicking on malicious links.

Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have issued a joint advisory warning about a year-long campaign by Iranian cyber actors aimed at infiltrating critical infrastructure organizations.

Organizations are facing increasing financial losses, estimated between $94 billion to $186 billion annually, due to vulnerable APIs (Application Programming Interfaces) and automated bot attacks, according to The Economic Impact of API and Bot Attacks report by Imperva, a Thales company.

S&P Global Ratings has highlighted poor corporate vulnerability remediation as a significant risk factor. Analyzing data from over 7,000 rated companies, S&P found that 40% address known system flaws "infrequently," leaving them exposed.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation.

Despite the indictment of one of its alleged members, the North Korean APT group known as Stonefly (aka APT45) continues to target U.S. companies, according to warnings from Symantec threat analysts. Stonefly, also referred to as Andariel and OnyxFleet, is linked to the Reconnaissance General Bureau (RGB), a North Korean military intelligence agency.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day.

A new study from Juniper Research reveals that online fraud losses are projected to surge from $44 billion in 2024 to $107 billion by 2029, marking a 141% increase. The report, titled Global Merchant Fraud Prevention Market 2024-2029, attributes this significant rise to the growing sophistication of attacks driven by advancements in AI technology. One major concern highlighted is the use of deepfakes to bypass verification systems, which the report identifies as a critical threat to the ecommerce landscape.

Microsoft and the U.S. Department of Justice (DoJ) announced the seizure of 107 internet domains linked to Russian state-sponsored threat actors, used to carry out computer fraud and abuse.

A report by the G7 Cyber Expert Group (CEG), chaired by the US Department of the Treasury and the Bank of England, addresses the cybersecurity risks posed by advancements in quantum computing and outlines essential steps for financial authorities and institutions to mitigate these risks.

In a recent cyberattack, MoneyGram, the global money transfer service, fell victim to a data breach that exposed sensitive customer information. The hack, which was discovered earlier this month, compromised a significant portion of MoneyGram's transaction database, raising concerns about the safety of financial data within the company’s infrastructure. The breach has alarmed customers and regulators alike, with early investigations suggesting that the attackers accessed payment records, personal information, and potentially financial data belonging to thousands of MoneyGram users.

A foreign government is believed to have orchestrated a cyberattack on the Dutch police force, exposing the contact details of nearly 63,000 officers. The breach, which occurred on September 26, 2024, was a sophisticated operation targeting a specific police account.