Researchers have discovered seven packages on the Python Package Index (PyPI) repository designed to steal BIP39 mnemonic phrases used to recover private keys of cryptocurrency wallets. ReversingLabs has codenamed the software supply chain attack campaign "BIPClip." The packages were downloaded 7,451 times before being removed from PyPI. BIPClip, aimed at developers on projects related to generating and securing cryptocurrency wallets, is said to have been in operation since at least December 4, 2022.

The ALPHV/BlackCat ransomware gang has committed a scam on its way out. BlackCat affiliates complained on dark web forums that they had successfully breached victims, but the ransomware gang had not paid their share, becoming unresponsive. This was quickly followed by the closure of affiliate accounts and a law enforcement seizure notice posted on its dark web site, which does not appear to be legitimate. The ransomware gang's unusual behavior is likely due to international law enforcement taking down its data leak site in December.

Several French government agencies have experienced "intense" cyberattacks. The description of the attacks aligns with that of Distributed Denial-of-Service (DDoS) attacks. According to the French government, the attack was carried out with familiar technical means but at an unprecedented level of intensity. Although DDoS incidents have been attributed to state-sponsored groups, the attack's simplicity prevents it from providing a long-term disruptive capability or a method for the attacker to infiltrate target networks.

Google recently revealed that it had awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services.  Though this is lower than the $12 million Google's Vulnerability Reward Program paid to researchers in 2022, the amount is still significant, showcasing a high level of community participation in Google's security efforts.

A team of researchers has developed ArtPrompt, a new approach for bypassing the safety measures built into Large Language Models (LLMs). According to the researchers' paper titled "ArtPrompt: ASCII Art-based Jailbreak Attacks against Aligned LLMs," users can make chatbots such as GPT-3.5, GPT-4, Gemini, Claude, and Llama2 respond to queries that are supposed to be rejected. The attack involves using ASCII art prompts generated by their ArtPrompt tool.

An experimental multiplayer online war game named "Tantalus," after a figure from Greek mythology, provides insightful data for real-world cyberattacks. Researchers at Sandia National Laboratories have used the game to study different conditions in cyberdeterrence strategies. The game is a human research study designed to collect data on how people's decisions during threatening situations affect national security.

Fintech firm EquiLend has recently started sending notification letters to its employees to inform them of a data breach resulting from a January 2024 ransomware attack.  On January 24, the company announced that some of its systems were taken offline due to “a technical issue” and that services would be disrupted for several days.  EquiLend confirmed the next day that a ransomware attack caused the disruption and was able to restore its client-facing services by February 5, but shared no details on the scope of the attack until now.

Security researchers at SpecterOps have developed a knowledge base repository for attack and defense techniques stemming from the improper setup of Microsoft's Configuration Manager (MCM). Improper setup could enable attackers to execute payloads or become domain controllers. MCM, formerly known as System Center Configuration Manager (SCCM, ConfigMgr), is used in many Active Directory (AD) environments to help administrators manage servers and workstations on a Windows network.

Despite its safeguards and safety protocols, Google's Gemini Large Language Model (LLM) is still vulnerable to attacks that could cause it to generate harmful content, reveal sensitive data, or perform malicious actions. Google Gemini, formerly known as Bard, is a multimodal Artificial Intelligence (AI) tool capable of processing and generating text, images, audio, video, and code. In a new study, HiddenLayer researchers discovered that they could manipulate Google's AI technology to generate election misinformation, cause it to leak system prompts, and more.

According to security researchers at Sophos, over three-quarters of cyber incidents impacted small businesses in 2023, with ransomware having the biggest impact on these firms.  The researchers noted that the notorious LockBit group made up the highest number of small business ransomware incidents handled by Sophos Incident Response last year, at 27.59%.  LockBit infections were considerably higher than the next highest groups: Akira (15.52%), BlackCat (13.79%), and Play (10.34%).