FrostyGoop is the ninth reported OT-centric malware, but the first that used Modbus TCP communications to impact the power supply to heating services for over 600 apartment buildings.
Palo Alto Networks researchers found two critical vulnerabilities, collectively dubbed ModeLeak, in Google’s Vertex AI platform. These vulnerabilities can lead to privilege escalation and model exfiltration, giving attackers access to data in ML and LLM environments.
During a Silent Skimmer campaign in May 2024, attackers gained access to servers by exploiting outdated Telerik UI vulnerabilities, deploying reverse shells, and using tools like GodPotato for privilege escalation.
Jumpy Pisces has historically been involved in espionage and financial crime; this marks the group's first observed use of an external ransomware infrastructure, potentially serving as an initial access broker or affiliate for Play.
The malicious actors behind Lynx use tactics like double extortion, where they steal victims' data before encrypting it and threaten to leak or sell it if the ransom is not paid.
KLogEXE is a C++ keylogger while FPSpy is a backdoor designed to collect system information and exfiltrate data from compromised devices. Both malware strains are primarily being distributed through spear-phishing emails.
Cybersecurity researchers at Palo Alto Networks' Unit 42 have discovered a prolific Phishing-as-a-Service platform called Sniper Dz, responsible for creating over 140,000 phishing websites in just one year.
Unit 42 researchers discovered a new variant of the RomCom malware family called "SnipBot," designed to target enterprise networks. It can infiltrate networks, execute remote commands, and download additional malicious software.
Unit 42 researchers have discovered an ongoing campaign involving tainted Python packages distributing Linux and macOS backdoors, known as PondRAT, linked to Gleaming Pisces, a North Korean threat actor targeting supply chain vendors.
Chinese APT group Stately Taurus exploited Visual Studio Code to target government entities in Southeast Asia for cyberespionage. They utilized the software's reverse shell feature to infiltrate networks, a technique first detected in 2023.
Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.