Two Russian nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty in a federal court in Newark for their roles in the LockBit ransomware operation.

Canonical released security updates to fix various vulnerabilities in the Linux kernel for Microsoft Azure Cloud systems on Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. These flaws could lead to denial of service, data leakage, or arbitrary code execution.

A 17-year-old boy from Walsall has been arrested by UK police for his involvement in the 2023 MGM Resorts ransomware attack, connected to the Scattered Spider hacking group. The arrest was made with assistance from the NCA and the FBI.

Attackers recently abused the swap file in a Magento e-commerce site to steal credit card information. Despite multiple cleanup attempts, the malware persisted until analysts discovered it.

While containers offer efficiency, they are vulnerable to attacks exploiting misconfigurations. Attackers can execute code or escalate privileges, endangering organizational security.

The U.S. sanctioned two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR) for carrying out cyber operations against critical U.S. infrastructure. CARR has launched low-impact DDoS attacks in Ukraine and its allies since 2022.

Malicious campaigns have emerged, including one targeting BBVA bank customers with a fake CrowdStrike Hotfix that installs remote access tools. Another attack involves a data wiper distributed under the guise of a CrowdStrike update.

Beijing has claimed that the Volt Typhoon attack gang, accused by Five Eyes nations of being a Beijing-backed threat to critical infrastructure, was actually fabricated by the US intelligence community.

Most of the SEC civil fraud case against SolarWinds was dismissed by a U.S. District Court judge, but key allegations related to misleading investors about cybersecurity practices leading up to the 2020 Sunburst hack remain.