Threat actors are infecting publicly exposed Selenium Grid servers to utilize victims’ internet bandwidth for cryptomining, proxyjacking, and potentially more harmful activities.

A recently patched Windows vulnerability, identified as CVE-2024-43461, was exploited by the Void Banshee APT hacking group in zero-day attacks to install information-stealing malware.

Cybersecurity researchers have identified ongoing phishing campaigns that exploit refresh entries in HTTP headers to distribute fake email login pages to steal user credentials.

Mandiant’s report highlights the escalating cyber threats facing Mexico, with a rise in global espionage and local cybercrime targeting individuals and businesses. Since 2020, cyber espionage groups from over 10 countries have targeted Mexican firms.

The FCC is seeking volunteers to serve as administrators for a new cybersecurity labeling program, allowing consumers to identify products less vulnerable to cyberattacks.

Nonhuman identity and access management company Aembit Inc. has secured $25 million in funding to enhance its solutions. The Series A funding round was led by Acrew Capital.

Ireland’s data protection authorities are investigating Google’s AI model to ensure compliance with GDPR. The Irish Data Protection Commission (DPC) is leading the inquiry into Google Ireland under Section 110 of the Data Protection Act 2018.

A recent report by Xavier Mertens, a Senior ISC Handler and cybersecurity consultant, highlights a concerning trend where cybercriminals are increasingly using legitimate Python libraries for malicious activities.

WordPress will require two-factor authentication for plugin developers starting October 1, 2024. This mandate will also apply to theme authors. The organization aims to enhance security by preventing hijacked accounts from spreading malicious code.

GitLab released updates covering versions 17.1.7, 17.2.5, and 17.3.2 for GitLab Community Edition (CE) and Enterprise Edition (EE), addressing a total of 18 security issues.