North Korean hackers are using RustDoor malware to target cryptocurrency users on LinkedIn, posing as recruiters for legitimate decentralized finance (DeFi) companies like STON.fi.

Google is updating Chrome’s post-quantum cryptography to defend against quantum computer attacks. The new encryption system, ML-KEM, replaces Kyber for enhanced security.

Google has addressed a critical security flaw in Google Cloud Platform (GCP) Composer that could have allowed remote code execution via a supply chain attack known as dependency confusion.

A critical vulnerability, CVE-2024-6091 (CVSS 9. 8), has been found in AutoGPT, a popular AI tool with over 166,000 projects at risk. The flaw allows for OS Command Injection, potentially enabling unauthorized actions.

The malicious software called ClipBankers can monitor clipboard activity and replace cryptocurrency addresses with those controlled by attackers, diverting digital asset transfers to rogue wallets.

The vulnerability, tracked as CVE-2022-46723, enables attackers to manipulate files within the macOS Calendar app environment and execute remote code during system upgrades.

23andMe has pledged $30 million to compensate the 6.4 million people affected by a data breach in October 2023. The breach occurred when a hacker used stolen credentials to access a significant amount of account information, including health data.

Although Indodax did not confirm the exact amount stolen, reports suggest $22 million. The company warned users about potential scammers taking advantage of the situation.

Threat actors are infecting publicly exposed Selenium Grid servers to utilize victims’ internet bandwidth for cryptomining, proxyjacking, and potentially more harmful activities.

A recently patched Windows vulnerability, identified as CVE-2024-43461, was exploited by the Void Banshee APT hacking group in zero-day attacks to install information-stealing malware.