A newly identified Russia-affiliated threat actor, Void Blizzard (also known as LAUNDRY BEAR), has been conducting widespread cyberespionage operations targeting critical sectors across NATO member states and Ukraine.

A Turkish-aligned cyber-espionage group known as Marbled Dust has exploited a zero-day vulnerability in Output Messenger to conduct surveillance on Kurdish military operations in Iraq.

Microsoft Defender Experts has observed a rise in malicious campaigns that use Node.js to deliver malware and other harmful payloads. These campaigns aim to steal information and exfiltrate data from compromised systems.

These campaigns lead to phishing pages delivered via the RaccoonO365 phishing-as-a-service (PhaaS) platform, remote access trojans (RATs) like Remcos, and other malware like Latrodectus, BruteRatel C4 (BRc4), AHKBot, and GuLoader.

The sender address used by the threat actor in this campaign impersonates a US government official, continuing Star Blizzard’s practice of impersonating known political/diplomatic figures, to further ensure target engagement.

Microsoft has detected Storm-0501 using Cobalt Strike for lateral movement across networks and deploying Embargo ransomware on victim organizations in hybrid cloud setups.

Microsoft has discovered a new type of jailbreak attack called Skeleton Key. This technique uses a multi-turn strategy to make the model ignore its guardrails, allowing it to generate forbidden content or override its decision-making rules.

AI jailbreaks can lead to various risks and harms, including unauthorized data access, sensitive data exfiltration, generating ransomware, subversion of decision-making systems, and IP infringement.

Cybercriminals are exploiting Microsoft's Quick Assist tool to conduct social engineering attacks and deliver ransomware like Black Basta to target users across various industries.

A vulnerability in popular Android apps like Xiaomi File Manager and WPS Office could allow malicious apps to overwrite files in the vulnerable app's home directory, potentially leading to code execution and unauthorized access to user data.