
Daily Cybersecurity Roundup, January 08, 2025

The relentless evolution of cyber threats continues with the emergence of Gayfemboy, a Mirai-based botnet leveraging zero-day exploits to compromise industrial routers and smart home devices. In the Middle East, fraudsters posing as government officials are deploying advanced social engineering tactics. Using RedLine Stealer, they exploit victims' trust to intercept credit card details and OTPs. CISA has flagged critical vulnerabilities in Mitel MiCollab and Oracle WebLogic Server, citing active exploitation. Read on for more. 

01

A new Mirai-based botnet, named Gayfemboy, has become more advanced, using zero-day exploits for security flaws in industrial routers and smart home devices.

02

A sophisticated social engineering scheme is targeting customers in the Middle East, where fraudsters impersonate government officials to gain trust and deploy RedLine Stealer to steal card info.

03

Scammers are exploiting a legitimate PayPal money request feature by using a free Microsoft 365 test domain and a distribution list to deceive recipients.

04

Security researchers discovered over 4,000 backdoors using expired domains and abandoned infrastructure, posing a risk to government and academia-owned hosts.

05

Google launched a Chrome 131 update that fixes four security issues. Mozilla patched 11 vulnerabilities in Firefox, including three high-severity flaws related to memory safety.

06

CISA added three vulnerabilities affecting Mitel MiCollab (CVE-2024-41713 and CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) to its KEV catalog, citing active exploitation.

07

The rate at which enterprise users clicked on phishing lures surged by 190% in 2024 compared to 2023. The top target for phishing campaigns by number of user clicks last year was cloud applications (27%).

08

The Illumina iSeq 100 DNA sequencing instrument has been found to have firmware security vulnerabilities, allowing potential attackers to brick the device or plant persistent malware.

09

The White House has announced the U.S. Cyber Trust Mark, a new cybersecurity safety label for internet-connected consumer devices, designed to help American consumers assess the security of smart products.

10

Veracode purchased software supply chain security startup Phylum. Terms of the acquisition were not disclosed.
