Vulnerability ManagementAttacks on Ivanti appliances demonstrate danger of chained exploitsCISA warned that attackers are chaining a number of CVE-listed vulnerabilities into a single exploit script.
PhishingReddit, WeTransfer pages spoofed in Lumma Stealer campaignNearly 1,000 imitation pages were discovered, targeting users looking for other software.
AI/MLGhostGPT offers AI coding, phishing assistance for cybercriminalsThe “uncensored” GenAI tool was advertised on cybercrime forums with a focus on BEC scams.
Vulnerability ManagementHigh-severity flaw in file archiver 7-Zip requires manual updateThe vulnerability could enable attackers to use nested archives to bypass Windows security warnings.
RansomwareRansomHub infection facilitated by possible AI-assisted Python backdoorThe backdoor spread laterally after initial access via a suspected SocGholish malware download.
Security Strategy, Plan, BudgetNorth Korea’s IT worker scam linked to 2016 crowdfunding operationSecurity pros say the link Secureworks made to a decade-old DPRK crowdfunding campaign are credible.
MalwareMalicious WordPress database entry, widget steals credit card infoThe fileless script injection is difficult to detect using traditional scanning methods.
RansomwareFunkSec ransomware chases notoriety with AI-assisted codeThe group claimed 85 victims in December but shows signs of inexperience.
Proactive law enforcement takedowns in 2024 reshaped the cybercrime ecosystemDon Smith December 30, 2024