Daily Cybersecurity Roundup, December 24, 2024

Cyber threats continue to shapeshift, introducing new challenges for defenders worldwide. A new phishing-as-a-service platform, FlowerStorm, has surfaced, targeting Microsoft 365 users across multiple countries and filling the gap left by the now-defunct Rockstar2FA service. Meanwhile, Akamai researchers have uncovered the Hail Cock botnet, leveraging IoT and networking device vulnerabilities to expand its reach. Additionally, new research revealed how LLMs can be exploited to create obfuscated JavaScript malware variants that evade detection and bypass security tools. Read on for more.

01

A new platform called FlowerStorm is emerging in the phishing services market, replacing the defunct Rockstar2FA service. It has targeted users in the U.S., the U.K., Italy, Australia, and Canada.

02

Akamai identified the Hail Cock botnet, a variant of the Mirai malware, actively exploiting IoT and networking devices from DigiEver, TP-Link, Tenda, and Teltonika.

03

Patchstack researchers reported 18 critical vulnerabilities in WPLMS and VibeBP WordPress plugins, allowing attackers to perform RCE, privilege escalation, and SQL injection attacks.

04

The FBI, DoD Cyber Crime Center, and National Police Agency of Japan revealed that a North Korean threat activity cluster, dubbed TradeTraitor, was linked to the $308 million cryptocurrency theft from DMM Bitcoin.

05

A critical vulnerability (CVE-2024-56145) in Craft CMS, a popular PHP content management system, allows unauthenticated RCE under certain settings, putting affected installations at risk.

06

FortiGuard Labs identified two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, exhibiting behaviors like keylogging, data exfiltration, webhook injection, and anti-VM checks.

07

The Security Service of Ukraine reported a Russia-linked cyberattack on state registers operated by the Ministry of Justice, resulting in operational disruption to government processes.

08

Unit 42 researchers discovered that cybercriminals can use large language models (LLMs) to generate obfuscated JavaScript malware variants, bypassing detection tools like VirusTotal and tricking classifiers into labeling malicious scripts as benign.

09

Three npm packages, @rspack/core, @rspack/cli, and Vant, were compromised by threat actors who published malicious versions containing cryptominers.

10

IBM revealed two critical vulnerabilities in its Cognos Analytics platform, CVE-2024-51466 and CVE-2024-40695, which could threaten sensitive data and system integrity.