The flaw is a memory corruption issue in Apple’s RTKit real-time operating system that enables attackers with arbitrary kernel read and write capability to bypass kernel memory protections.

Threat actors are using DNS tunneling as a means to scan for network vulnerabilities and check the success of phishing campaigns, according to new research from Palo Alto Networks.

The source code of the INC ransomware-as-a-service (RaaS) operation, which has targeted organizations like Xerox Business Solutions, Yamaha Motor Philippines, and Scotland’s National Health Service (NHS), is being sold on hacking forums for $300,000.

Insider threats, including dishonest actions to obtain benefits through theft or deception, have seen a significant rise in the past year, driven by factors like rising cost of living, remote work, and the increasing sophistication of fraud tactics.

Researchers have found that Southeast Asian scam syndicates are stealing an estimated $64 billion annually through various online fraud operations, with the majority of the losses occurring in Cambodia, Laos, and Myanmar.

The UK’s NCSC and major insurance associations have partnered to help reduce the profitability of ransomware attacks by providing better support and guidance to victims, encouraging resilience, and promoting alternatives to paying ransoms.

Tokens are valuable assets for threat actors, as they can be easily obtained through various attack methods and provide unauthorized access to corporate systems without requiring multi-factor authentication.

The latest bug is tracked as CVE-2024-4761. It is an out-of-bounds write problem impacting Chrome’s V8 JavaScript engine, which is responsible for executing JS code in the application.

Biden administration officials lowered expectations about the discussions during a call with reporters, saying the talks were “not focused on promoting any technical cooperation” between the two world superpowers on AI or emerging technologies.

US officials say that a notorious Chinese hacking operation named Volt Typhoon has permanently altered the cyberthreat landscape by moving beyond traditional nation-state espionage goals and instead aiming to cause disruption and sow societal panic.