"Threat Actors Manipulate GitHub Search to Deliver Malware"

Researchers at Checkmarx have observed threat actors manipulating GitHub search results in order to infect developers with persistent malware. As part of the campaign, attackers created malicious repositories using popular names and topics. They then boosted their search rankings using automated updates and fake stars. To avoid detection, the threat actors hid a malicious payload within Visual Studio project files. The payload results in the execution of malware similar to the "Keyzetsu clipper," which targets cryptocurrency wallets.

Submitted by Gregory Rigby on

"CISA Directs Federal Agencies to Immediately Mitigate Significant Risk From Russian State-Sponsored Cyber Threat"

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 24-02 in response to a recent campaign by the Russian state-sponsored cyber actor "Midnight Blizzard." The actor targeted Microsoft corporate email accounts, potentially accessing messages sent to Federal Civilian Executive Branch (FCEB) agencies.

Submitted by Gregory Rigby on

"Sisense Password Breach Triggers 'Ominous' CISA Warning"

The US Cybersecurity and Infrastructure Security Agency (CISA) warned Sisense customers about a password compromise and encouraged them to reset their passwords immediately. CISA advises Sisense customers to reset their credentials for the platform and passwords leading to any other sensitive data potentially accessed through Sisense services. The Software-as-a-Service (SaaS) platform uses Artificial Intelligence (AI)-driven analytics to provide insights to thousands of companies.

Submitted by Gregory Rigby on

"37% of Publicly Shared Files Expose Personal Information"

According to Metomic's "State of Data Security in Financial Services" report, many sensitive documents stored on platforms like Google Drive, Slack, and other collaborative work applications have been left unattended for months or years. This has resulted in data sprawl issues for businesses and significant data security risks for individuals and their employers. Eighty-six percent of the files had not been updated in 90 days, 70 percent in over a year, and 48 percent in over two years.

Submitted by Gregory Rigby on

"LastPass: Hackers Targeted Employee in Failed Deepfake CEO Call"

LastPass recently revealed that threat actors targeted one of its employees in a voice phishing attack that impersonated Karim Toubba, the company's CEO, with deepfake audio. According to a recent global study, 25 percent of people have been victims of an Artificial Intelligence (AI) voice impersonation scam or know someone who has. The LastPass employee did not fall for the scam because the attacker used WhatsApp, an uncommon business channel. This article continues to discuss the failed voice phishing attack involving deepfake audio.

Submitted by Gregory Rigby on

"Human Rights Activists in Western Sahara Are Being Targeted by Mobile Malware"

Human rights activists associated with the Sahrawi Arab Democratic Republic (SADR) are being targeted by new mobile malware spread through a news app. Cisco Talos and the Yahoo Advanced Cyber Threats Team discovered the malicious Android mobile app, which masquerades as a variant of the Sahara Press Service app run by a SADR-associated media agency. Researchers at Cisco Talos believe the spying campaign began in January and is still in its early stages. The custom-built app was distributed via spearphishing emails sent to human rights activists in Morocco and SADR.

Submitted by Gregory Rigby on

"Raspberry Robin Distributed Through Windows Script Files"

Threat actors spreading Raspberry Robin are now using Windows Script Files (WSFs), in addition to other methods, such as USB drives. A WSF is a file type generally used by administrators and legitimate software to automate tasks in Windows. HP Threat Research discovered new campaigns starting in March 2024 where Raspberry Robin was being spread with anti-analysis techniques through highly obfuscated WSFs. The Windows worm, discovered in 2021, was initially spread to target hosts via removable media.

Submitted by Gregory Rigby on

"Your Data's Vulnerable. U of G Computer Scientists Have a Solution"

Researchers at the University of Guelph have presented an innovative framework that could be used to protect data in the interconnected world. It is a new approach to developing apps and services. A recently published study describes the two-level solution that improves the framework currently used in smart devices. One level works locally on the device, protecting sensitive data as it travels to the central server. The second level ensures that any data is encrypted even as it is being processed.

Submitted by Gregory Rigby on

"Malicious PowerShell Script Pushing Malware Looks AI-Written"

A threat actor, tracked as "TA547," is running a PowerShell script believed to have been developed with the help of an Artificial Intelligence (AI) system, such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's Copilot. In March, the adversary used the script in an email campaign to deliver the Rhadamanthys information stealer to organizations in Germany. Proofpoint researchers attributed the attack to TA547, who is suspected of being an Initial Access Broker (IAB). TA547 has been active since at least 2017, delivering malware to Windows and Android systems.

Submitted by Gregory Rigby on

"EV Charging Stations Still Riddled With Cybersecurity Vulnerabilities"

The growing popularity of Electric Vehicles (EVs) attracts not only gas-conscious consumers but also cybercriminals interested in using EV charging stations to conduct large-scale cyberattacks. Charging points, whether in a private garage or in a public parking lot, are online and run software that interacts with payment systems and the electric grid. They also store driver identities. Therefore, charging stations pose significant cybersecurity risks.

Submitted by Gregory Rigby on