Hackers-for-hire target Ukrainian notaries to manipulate state registries

Ukraine’s state cyber response team (CERT-UA) warned that hackers are targeting notaries' computers in an attempt to gain remote access and manipulate government registries.

New Ghostwriter APT Campaign Targets Ukrainian Government and Belarusian Opposition

The campaign has been in preparation since July-August 2024 and entered the active phase in November-December 2024. Recent malware samples and command-and-control (C2) infrastructure activity indicate that the operation has remained active in recent days.

Russian State Hackers Spy on Ukrainian Military Through Signal App

Google’s security team said in a report on Wednesday that Signal’s popularity among military personnel, politicians, journalists and activists has made it a prime target for espionage operations.

CISA and FBI Warn of Ghost Ransomware Which has Breached Organizations in 70 Countries

Names linked to this group include Ghost, Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture, with ransomware samples used in their attacks including Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe.

Darcula PhaaS can now auto-generate phishing kits for any brand

The Darcula phishing-as-a-service (PhaaS) platform is preparing to release its third major version, with one of the highlighted features being the ability to create do-it-yourself phishing kits to target any brand.

CISA Issues Two New ICS Advisories Addressing Exploits and Vulnerabilities

These advisories, flagged under ICSA-24-191-01 (Update A) and ICSA-25-035-02 (Update A), address high-severity flaws that could enable remote code execution and denial-of-service attacks across industrial environments.

OAuth Phishing Alert: Fake 'Adobe Drive X' App Abusing Microsoft Login

Threat actors have taken phishing to the next level by weaponizing custom Microsoft 365 applications to request sensitive information from users. The user is taken to a legitimate Microsoft authentication page, making the phishing attack more convincing.

CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks

The US Cybersecurity & Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies and large organizations to apply the available security updates as soon as possible.

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by February 25

These include forced browsing in Apache OFBiz (CVE-2024-45195), information disclosure in Microsoft .NET Framework (CVE-2024-29059), and OS command injection and local file inclusion in Paessler PRTG Network Monitor (CVE-2018-9276, CVE-2018-19410).

FDA, CISA Warn About Vulnerabilities in Patient Health Monitors

Unauthorized users could control the monitors, interrupt their functions, or corrupt patient data. A backdoor in the software allows bypassing cybersecurity controls, exposing patient data.
