At the recent IEEE International Solid-State Circuits Conference (ISSCC), researchers presented technologies to combat sneaky hack attacks.

"Evasive Panda," a China-linked threat actor, has been targeting Tibetan users with both watering hole and supply chain attacks since September 2023.

According to Mackenzie Jackson, a developer and security advocate at GitGuardian, Artificial Intelligence (AI) has increasingly empowered malicious attackers.

Nation-state cyber threat groups are again turning to USBs to infiltrate government organizations and critical infrastructure facilities.

TA577, also known in the security industry as Hive0118, has targeted organizations with rogue email attachments that, when opened, steal Microsoft Windows NT LAN Manager (NTLM) authentication information.

In November 2023, security researchers at IBM Security Trusteer discovered malware called "Fakext," which uses a malicious Edge extension to execute man-in-the-browser and web-injection attacks.

Misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis are the target of new Golang-based malware that automates the discovery and compromise of the hosts.

In February, two systems from the Cybersecurity and Infrastructure Security Agency (CISA) were hacked through issues with Ivanti products. Ivanti provides software to manage IT security and system access.

An ad fraud campaign uses thousands of hijacked legitimate domains and subdomains to send millions of spam emails, generating revenue for the threat actors.

Microsoft warns that Russian hackers who launched several high-profile attacks on the US government are now exploiting information stolen from the company's systems in November.

The National Cyber Security Centre (NCSC) of Switzerland has recently released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a JetBrains vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, noting evidence of active exploitation.