The U.S. Department of Homeland Security (DHS) has issued a request for information to assess the security of technology at ports in order to develop a Maritime Port Resiliency and Security Research Testbed.

The malicious DLL implant for the Cobalt Strike attack toolkit gets injected into the Windows binary "runonce.exe," giving total control to the attackers. The campaign further deploys various malicious tools for reconnaissance and data exfiltration.

The operation was linked to Iran's Storm-2035, also flagged by Microsoft for election interference. Google has also reported Iranian cyber influence activity. OpenAI identified 12 X accounts and one Instagram account involved in the operation.

Once a stolen card is added to the attacker's wallet, they can use it to make purchases without being detected, even after the original card has been canceled. Recurring transactions are also vulnerable to abuse, allowing payments with locked cards.

Orion SA recently disclosed to US regulators that it fell victim to a criminal wire fraud scheme resulting in a $60 million loss. The incident, possibly a BEC scam, involved fraudulent wire transfers to unknown third-party accounts by an employee.

Alibaba's T-Head C910 RISC-V CPUs have been found to have serious security flaws by computer security researchers at the CISPA Helmholtz Center for Information Security in Germany.

Symantec's Threat Hunter Team has observed various espionage operations utilizing cloud services, like the backdoors GoGra and Grager targeting organizations in South Asia, South East Asia, Taiwan, Hong Kong, and Vietnam.

A class-action lawsuit is brewing over the cyber-heist of 2.9 billion personal records that were stolen from a Florida data broker, Jerico Pictures, doing business as National Public Data, and sold on the dark web.

SnakeKeylogger, also known as KrakenKeylogger, is a malicious software targeting Windows users. It logs keystrokes, steals credentials, and takes screenshots, allowing cybercriminals to capture sensitive information.

WeRedEvils announced their intention to target Iranian systems on Telegram, claiming their attack was successful in infiltrating Iran's computer systems, stealing data, and causing the outage.