The round, which brought the total amount to $30.2M, was led by Summit Peak Ventures (US) and King River Capital (US), with participation from Care Super (Australia) and BlackBird Ventures (Australasia), along with other investors.
The attackers upload a malicious DLL as a User-Defined Function (UDF) library, which lets them execute commands on the host and deploy the Ddostf malware. The malware collects system information and waits for commands to launch DDoS attacks.
Users are advised to avoid exposing Azure CLI output in logs, regularly rotate keys and secrets, and review best practices for securing Azure Pipelines and GitHub Actions to prevent accidental exposure of sensitive information.
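The advice above amounts to two controls: never write raw Azure CLI JSON to a pipeline log, and register any credential the CLI returns as a masked value so the runner redacts it if it leaks later. The following is an added example, not code from the article or from Microsoft; the list of secret-bearing field names and the sample output are constructed for illustration, and `::add-mask::` is the GitHub Actions workflow command that masks a value in subsequent log output.

```python
"""Redact credential fields from Azure CLI JSON output before it reaches a log.

Added example, not from the original article. The key names and the sample
output below are constructed; extend SENSITIVE_KEYS for the commands your
pipeline actually runs.
"""
import json

# Field names that commonly carry credentials in CLI JSON output.
# Assumption: this list is illustrative, not exhaustive.
SENSITIVE_KEYS = {
    "password", "connectionstring", "primarykey", "secondarykey",
    "accesstoken", "clientsecret", "key", "value",
}

REDACTED = "***REDACTED***"


def redact(obj):
    """Return a copy of obj with scalar values under sensitive keys replaced."""
    if isinstance(obj, dict):
        out = {}
        for k, v in obj.items():
            if k.lower() in SENSITIVE_KEYS and not isinstance(v, (dict, list)):
                out[k] = REDACTED
            else:
                out[k] = redact(v)
        return out
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


def _collect(obj, found):
    """Walk the structure and gather raw secret strings (for masking)."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            if k.lower() in SENSITIVE_KEYS and isinstance(v, str):
                found.append(v)
            else:
                _collect(v, found)
    elif isinstance(obj, list):
        for v in obj:
            _collect(v, found)
    return found


def secrets_in_output(raw_json):
    """Parse CLI output and return every string that sits under a sensitive key."""
    return _collect(json.loads(raw_json), [])


def github_mask_commands(secrets):
    """One '::add-mask::VALUE' line per secret; printing these in a step makes
    GitHub Actions redact later occurrences of the value in the job log."""
    return [f"::add-mask::{s}" for s in secrets if s]


def safe_log_line(raw_json):
    """The redacted, key-sorted JSON that is safe to write to a log."""
    return json.dumps(redact(json.loads(raw_json)), sort_keys=True)


# Constructed sample resembling the shape of `az storage account keys list`.
SAMPLE = json.dumps([
    {"keyName": "key1", "permissions": "FULL", "value": "c0nstructedSecretValue1=="},
    {"keyName": "key2", "permissions": "FULL", "value": "c0nstructedSecretValue2=="},
])

if __name__ == "__main__":
    # Mask first, then log: the masked values are never written in clear.
    for cmd in github_mask_commands(secrets_in_output(SAMPLE)):
        print(cmd)
    print(safe_log_line(SAMPLE))
```

In a pipeline step the pattern is to capture the CLI output into a variable, pass it through `secrets_in_output` and `github_mask_commands` before anything is echoed, and only ever print the result of `safe_log_line`. Azure Pipelines has an equivalent secret-variable mechanism; the masking call is the only part that differs.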
The SQL injection vulnerability, tracked as CVE-2023-6063 and with a high-severity score of 8.6, can be exploited by manipulating a cookie value to execute unauthorized SQL queries. Over 600,000 websites are still running the vulnerable plugin.
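The defect class described above is a cookie value spliced into SQL text. The following added example (not the plugin's code, and not taken from the article) shows the vulnerable lookup beside its parameterized fix on a constructed SQLite table; the table, column and cookie names are invented for illustration, and the cookie value used is the textbook tautology, not the CVE-2023-6063 payload.

```python
"""Cookie-driven SQL injection: vulnerable lookup beside its parameterized fix.

Added example, not code from the affected plugin or the article. The schema
and cookie value are constructed for illustration.
"""
import sqlite3


def make_db():
    """In-memory cache table keyed by a per-visitor cookie (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cache (cookie TEXT, path TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO cache VALUES (?, ?, ?)",
        [("visitor-a", "/", "<p>page for a</p>"),
         ("visitor-b", "/admin", "<p>private page for b</p>")],
    )
    return conn


def lookup_vulnerable(conn, cookie_value):
    """Cookie is interpolated into the SQL string, so quoting in the value
    becomes query syntax and the WHERE clause no longer means what it says."""
    sql = f"SELECT body FROM cache WHERE cookie = '{cookie_value}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_fixed(conn, cookie_value):
    """Placeholder binding: the driver passes the cookie as data, so it can
    only ever be compared against the column, never parsed as SQL."""
    sql = "SELECT body FROM cache WHERE cookie = ?"
    return [row[0] for row in conn.execute(sql, (cookie_value,))]


# Constructed cookie value containing the classic tautology.
HOSTILE_COOKIE = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, HOSTILE_COOKIE))  # every row
    print("fixed:     ", lookup_fixed(db, HOSTILE_COOKIE))       # no rows
```

The check a reviewer applies to any PHP or Python handler is the same: the cookie must appear as a bound parameter (a `?` placeholder, or `$wpdb->prepare()` in WordPress code), never inside the string that forms the query.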
A targeted campaign against the gaming community exploits Discord channels and fake download sites to distribute several families of information-stealing malware. Multiple information stealer families, including BBy Stealer, Nova Sentinel, Doenerium, and Epsilon Stealer, were identified. To counter similar threats, online gamers are urged to download software exclusively from official and trustworthy websites.
The Royal ransomware gang, now known as BlackSuit, has undergone a strategic rebranding, unveiled in a joint advisory by CISA and the FBI. This shift, observed since November 2022, involves advanced encryption methods and sophisticated attack vectors, emphasizing the exploitation of vulnerabilities in public-facing applications and remote desktop protocols.
TA402 has recently deployed a new initial-access downloader called IronWind, varying its infection chains and delivery methods (Dropbox links, XLL and RAR file attachments) to evade detection.
The attackers use deceptive tactics, such as sending archive files disguised as PDFs, to trick victims into launching malicious executables and thereby gain unauthorized access to their accounts.
The Medusa ransomware gang demanded a $6 million ransom, but Moneris stated that its security team blocked access to critical data and that no ransom request was made. The company did not disclose when the breach was attempted or whether it paid a ransom.
Hackers linked to the Russian GRU targeted Danish critical infrastructure, exploiting vulnerabilities in Zyxel firewalls and demonstrating meticulous planning and coordination.