A 24-year-old leader of an international robbery crew, Remy St Felix, has been convicted in the US for carrying out violent home invasions to steal cryptocurrency tokens.

Federal authorities are warning about social engineering and phishing scams that target IT help desk workers and allow attackers to steal login credentials in order to access healthcare sector entities’ IT systems.

A former employee of Nuance Communications, a unit of Microsoft, is the main suspect in a 2023 data breach that affected over 1 million patients of Geisinger, a healthcare system based in Pennsylvania.

One attack involves setting up a fake base station using a Raspberry Pi or a software-defined radio (SDR). These devices can imitate a real base station and are readily available for purchase.

Police forces from 61 countries have collaborated in Operation First Light 2024, led by Interpol, resulting in the arrest of 3,950 suspects and the identification of 14,643 more.

A critical vulnerability has been discovered in certain versions of GitLab Community and Enterprise Edition products. This vulnerability allows an attacker to run pipelines as any user.

A sophisticated multi-stage malware campaign by the threat actor “Water Sigbin” (also known as the 8220 Gang) exploits Oracle WebLogic vulnerabilities to deliver a cryptocurrency miner called XMRig.

MerkSpy is designed to covertly monitor user activities, capture sensitive information like keystrokes and Chrome login credentials, and exfiltrate the data to the attacker’s server.

The campaigns, named LegalQloud, Eqooqp, and Boomer, deploy highly evasive and adaptive threat (HEAT) attack techniques that can bypass multifactor authentication (MFA) and URL filtering.

Unfurling Hemlock is using a new method, referred to as a “malware cluster bomb,” which allows the threat actor to use one malware sample to spread additional malware on compromised machines.