Russian-speaking affiliates of the ALPHV/BlackCat ransomware gang are using malvertising for popular software to distribute the Nitrogen malware and infect organizations with ransomware.

The Rhysida attackers exploit vulnerabilities like the lack of Multi-Factor Authentication (MFA) and the Zerologon vulnerability to gain initial access and maintain a presence within victims’ networks.

Hackers claiming responsibility for the breach have announced it on the Breach Forums. They allege to have stolen over 20GB of Plume’s Wi-Fi database, containing 15 million lines of information.

Critical infrastructure, including water supplies and electricity grids, are likely targets for cyberattacks, along with the theft of military secrets and intellectual property.

The funding round was led by Maor Investments and Ten Eleven Ventures. Vulcan Cyber aims to integrate third-party sensor data and build partnerships with technology vendors.

Researchers discovered vulnerabilities in Google Workspace that could lead to ransomware attacks, data theft, and password decryption. They exploit Google Credential Provider for Windows, allowing attackers to steal refresh tokens and bypass MFA.

Google is taking legal action against cybercriminals who used fake websites to deliver malware and gain control of social media accounts through a scam involving its chat-based AI tool, Bard.

New York Governor Kathy Hochul has proposed new cybersecurity rules for hospitals in the state to establish robust cybersecurity programs, assess risks, and implement protective measures to combat the rising threat of cyberattacks.

Security researchers have discovered a total of 3938 unique secrets on PyPI, the official third-party package management system for the Python community, across all projects, with 768 of them validated as authentic.

A credit card skimming campaign called Kritec has recently picked up in activity, compromising numerous online stores and stealing credit card information from unsuspecting shoppers.