Rapid7

Black Basta Ransomware Campaign Drops Zbot, DarkGate, & Custom Malware

According to a detailed analysis by Rapid7, the threat actors have refined their techniques, introducing novel methods for gaining access and delivering malware, including Zbot, DarkGate, and custom-developed tools.

Multiple Vulnerabilities Found in Lorex 2K Indoor Wi-Fi Security Cameras

Discovered during the 2024 Pwn2Own IoT competition, these vulnerabilities let attackers compromise the devices, potentially accessing live video feeds and executing harmful code remotely.

MobSF XSS Vulnerability Let Attackers Inject Malicious Scripts

This vulnerability, CVE-2024-53999, is a stored cross-site scripting (XSS) flaw found in the “Diff or Compare” functionality; it occurs due to improper handling of file uploads with script-laden filenames.

ElizaRAT: Enhancing C2 Communication Through Google, Telegram, & Slack Services

Once executed, the malware extracts sensitive information from Userinfo.dll and transmits it to a remote server, which periodically checks for new instructions, enabling remote control over the compromised system.

Hackers Use Telegram Channels To Deliver Lumma Stealer Sophisticatedly

Lumma Stealer, a sophisticated information-stealing malware, is spreading through Telegram channels, exploiting the platform’s popularity to bypass traditional security measures and target unsuspecting users, potentially compromising sensitive data.
November 23, 2024

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India, Taiwan, and Japan, leveraging spear-phishing and exploiting vulnerabilities in public-facing applications like SSL-VPN and file storage services.

GeoVision 0-Day Vulnerability Exploited in the Wild

Cybersecurity researchers have detected the active exploitation of a zero-day vulnerability in GeoVision devices. The vulnerability, now designated as CVE-2024-11120, has been assigned a high-severity CVSS score of 9.8.

Ongoing Social Engineering Campaign Refreshes Payloads

Rapid7 identified multiple intrusion attempts by threat actors utilizing social engineering tactics on June 20, 2024. The threat actors use email bombs followed by calls to offer fake solutions, with recent incidents involving Microsoft Teams calls.

Malware Campaign Lures Users With Fake W2 Form

A malicious campaign targeting users searching for W2 forms began on June 21, 2024, with a JavaScript file dropping a Brute Ratel Badger DLL into the user's AppData. This initiated the installation of a Latrodectus backdoor.

Authentication Bypasses in MOVEit Transfer and MOVEit Gateway

A critical security vulnerability, CVE-2024-5806, has been found in MOVEit Transfer, a popular file transfer software. The vulnerability allows attackers to bypass authentication checks and gain administrative access by sending manipulated requests.

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.
