A 17-year-old boy from Walsall has been arrested by UK police for his involvement in the 2023 MGM Resorts ransomware attack, connected to the Scattered Spider hacking group. The arrest was made with assistance from the NCA and the FBI.

Attackers recently abused the swap file in a Magento e-commerce site to steal credit card information. Despite multiple cleanup attempts, the malware persisted until analysts discovered it.

While containers offer efficiency, they are vulnerable to attacks exploiting misconfigurations. Attackers can execute code or escalate privileges, endangering organizational security.

The U.S. sanctioned two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR) for carrying out cyber operations against critical U.S. infrastructure. CARR has launched low-impact DDoS attacks in Ukraine and its allies since 2022.

Malicious campaigns have emerged, including one targeting BBVA bank customers with a fake CrowdStrike Hotfix that installs remote access tools. Another attack involves a data wiper distributed under the guise of a CrowdStrike update.

Beijing has claimed that the Volt Typhoon attack gang, accused by Five Eyes nations of being a Beijing-backed threat to critical infrastructure, was actually fabricated by the US intelligence community.

Most of the SEC civil fraud case against SolarWinds was dismissed by a U.S. District Court judge, but key allegations related to misleading investors about cybersecurity practices leading up to the 2020 Sunburst hack remain.

The Revolver Rabbit cybercriminal gang has registered over 500,000 domain names for infostealer campaigns targeting Windows and macOS systems. They utilize registered domain generation algorithms (RDGAs) to rapidly register multiple domains at once.

Grype is an open-source vulnerability scanner for container images and filesystems that works with Syft to detect vulnerabilities in major operating system and language-specific packages like Alpine, Debian, Ruby, Java, Python, and more.