BleepingComputer

INC ransomware opsec fail allowed data recovery for 12 US orgs

An operational security failure by INC ransomware allowed researchers to recover data stolen from 12 US orgs. A forensic investigation revealed the use of the Restic backup tool and exposed attacker infrastructure.

Fortinet admins report patched FortiGate firewalls getting hacked

Fortinet's FortiGate firewalls are under attack due to a critical authentication bypass vulnerability that remains exploitable despite previous patch attempts. Attackers are leveraging this flaw to gain unauthorized access to systems.

Hackers exploit security testing apps to breach Fortune 500 firms

Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing to breach cloud environments of Fortune 500 companies.

New Android malware uses AI to click on hidden browser ads

A new family of Android click-fraud trojans is leveraging TensorFlow machine learning models to interact with advertisement elements. This malware is distributed through Xiaomi's GetApps store and third-party APK sites.

Fake ad blocker extension crashes the browser for ClickFix attacks

A malicious ad-blocker extension called NexShield has been discovered, targeting Chrome and Edge users through a malvertising campaign. This extension creates a DoS condition by generating infinite connections, leading to browser crashes.

UK govt. warns about ongoing Russian hacktivist group attacks

The UK government has issued a warning about ongoing DDoS attacks by the Russian-aligned hacktivist group NoName057(16), targeting critical infrastructure and local government organizations.

StealC hackers hacked as researchers hijack malware control panels

An XSS vulnerability in the StealC malware's control panel has been exploited by researchers to gather intelligence on the malware operators. This flaw allowed researchers to hijack sessions and collect data on the attackers' hardware and location.

Gootloader now uses 1,000-part ZIP archives for stealthy delivery

The Gootloader malware has adopted a new delivery method using malformed ZIP archives, which involves concatenating up to 1,000 parts to evade detection. This technique is designed to crash analysis tools like 7-Zip and WinRAR.

FBI warns about Kimsuky hackers using QR codes to phish U.S. orgs

The FBI issued a warning that Kimsuky is using malicious QR codes in spearphishing campaigns. These campaigns target U.S. organizations involved in North Korea-related policy, research, and analysis.

Microsoft: Classic Outlook bug prevents opening encrypted emails

Microsoft is investigating a bug in classic Outlook that prevents recipients from opening encrypted emails with "Encrypt Only" permissions after a recent update. Affected users see a message_v2.rpmsg attachment instead of readable content.
