GreyNoise and Cisco Talos experts warn that hackers are actively exploiting CVE-2024-4577, a critical PHP-CGI vulnerability that was discovered and fixed in early June 2024.

According to Microsoft, nearly 1 million Windows devices fell victim to a sophisticated malvertising campaign in recent months. Cybercriminals were able to steal credentials, cryptocurrency, and sensitive information from infected workstations.

According to YouTube, scammers use an AI-generated video of the company’s CEO in phishing attacks to steal user credentials.

Last weekend, the Polish Space Agency (POLSA) had to disconnect all of its systems from the Internet to localize an attack targeting its IT infrastructure.

Qualcomm Technologies announced its collaboration with Google with the purpose to provide extended support for OEM devices running on company’s flagship chipsets. This partnership will enable vendors to release software and security updates for their devices for up to eight years.

According to Cyfirma, a malicious Android app called SpyLend was available on the official Google Play Store for some time and has been downloaded from there more than 100,000 times. The malware known as SpyLoan (i.e. predatory loan app) was disguised as the legitimate Finance Simplified app used to apply for loans in India.

According to Juniper Threat Labs , a new JavaScript obfuscation technique that uses invisible Unicode characters was used in a phishing attack targeting Political Action Committee (PAC) affiliates.