GoIssue: A New Threat Targeting GitHub Users
Cybersecurity experts are sounding alarms over a newly emerged tool called GoIssue, designed to facilitate mass phishing campaigns targeting GitHub users.
North Korean Hackers Unleash 'Hidden Risk' Malware to Target Cryptocurrency Firms
North Korean state-sponsored group BlueNoroff, a subgroup of the Lazarus Group, has launched a new malware campaign called "Hidden Risk," targeting cryptocurrency and DeFi businesses. SentinelLabs researchers found that the campaign, active since July 2024, employs phishing emails and PDF-based lures with fake crypto news headlines to trick victims into clicking on malicious links.
S&P Warns of Material Risk from Unpatched Vulnerabilities
S&P Global Ratings has highlighted poor corporate vulnerability remediation as a significant risk factor. Analyzing data from over 7,000 rated companies, S&P found that 40% address known system flaws "infrequently," leaving them exposed.
CISA Flags Critical ScienceLogic Vulnerability Amid Zero-Day Exploits
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day.
Preparing for the Quantum Leap: Addressing Cybersecurity Risks in Financial Institutions
A report by the G7 Cyber Expert Group (CEG), chaired by the US Department of the Treasury and the Bank of England, addresses the cybersecurity risks posed by advancements in quantum computing and outlines essential steps for financial authorities and institutions to mitigate these risks.
Iranian Cyber Actors Target Critical Infrastructure in Year-Long Attack Campaign
Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have issued a joint advisory warning about a year-long campaign by Iranian cyber actors aimed at infiltrating critical infrastructure organizations.
CISA Warns of Critical Exploited Vulnerability in SolarWinds Web Help Desk Software
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation.
Online Fraud Losses to Skyrocket 141% by 2029 as AI-Driven Attacks Escalate
A new study from Juniper Research reveals that online fraud losses are projected to surge from $44 billion in 2024 to $107 billion by 2029, marking a 141% increase. The report, titled Global Merchant Fraud Prevention Market 2024-2029, attributes this significant rise to the growing sophistication of attacks driven by advancements in AI technology. One major concern highlighted is the use of deepfakes to bypass verification systems, which the report identifies as a critical threat to the ecommerce landscape.
