The Dubai Police are the latest victims of impersonation by fraudsters in the United Arab Emirates (UAE), who are sending thousands of text messages out to unwitting mobile users while purporting to represent the law enforcement agency.

The two auto insurance companies will pay a hefty penalty for what the State of New York says was inadequate security that allowed hackers to compromise the personal data of more than 12,000 state residents.

The Russian-linked APT RomCom exploited two zero-day vulnerabilities in Firefox, Tor, and Windows for zero-click attacks in October. Victims unknowingly downloaded a backdoor from spoofed websites, targeting North America and Europe.

By last August 2024, the ransomware group was using its own custom-developed malware, Cogscan, used to map victim networks and sniff out the most valuable data, as well as a .NET-based utility called Knotrock, used to execute ransomware.

Researchers at Cofense discovered the campaign, in which adversaries impersonate the OpenSea website and claim a user has a new offer on a listing on the site to try to bait them into clicking on a malicious link.

Two Python packages posing as tools to integrate with popular chatbots and provide API access are actually delivering "JarkaStealer," an infostealer designed to target potentially thousands of victims.

A cybercrime tool called GoIssue is being sold for $700 on a forum. It helps cyberattackers steal email addresses from GitHub profiles to use for further attacks like malware delivery and data breaches.

Citrix has released patches for two vulnerabilities in its Virtual Apps and Desktop technology that could allow remote attackers to escalate privileges or execute arbitrary code on affected systems.

The emails are automated, and they look like they come from legal representatives of real companies. Many of these companies are in the technology, media, and entertainment industries.

OWASP's guidance focuses on building infrastructure for authenticating human identity in video calls, creating processes for financial transactions, and developing incident-response plans.