The surge in online job scams, targeting job seekers for personal information, has seen a significant increase in reported incidents, with a 545% spike in January 2024 compared to December 2023, according to the Identity Theft Resource Center (ITRC).

The acquisition will enable organizations to benefit from Laiyer AI's LLM Guard software, which detects, redacts, and sanitizes inputs and outputs from LLMs with lower latency, while also supporting open source contributions.

DarkCasino exploited a WinRAR 0-day vulnerability (CVE-2023-38831) to launch phishing attacks against forum users, posing a significant threat due to the large installed base and difficulty in identifying and defending against these attacks.

None of these attacks are especially sophisticated, but they do show how cybercriminals are shifting their attack techniques by combining techniques in different ways to evade detection.

The U.S. Justice Department is merging its National Cryptocurrency Enforcement Team with its Crime and Intellectual Property Section to strengthen its capabilities in investigating cryptocurrency-related criminal cases and cybercrime.

According to a Coveware report, in the second quarter of 2023, the percentage of ransomware attacks resulting in payment decreased to a record low of 34%. This is attributed to companies investing in security measures and incident response training.

The Legion hacktool, marketed in Telegram and in public groups and channels, harvests credentials from misconfigured web servers and use those credentials for email abuse, researchers at Cado Labs, who discovered Legion, said in a blog post.

This threat activity employs open redirect abuse, varied email senders, and URL randomization to bypass email security measures. The monthly volume of this activity more than doubled in three out of the past four months.

Researchers found that a majority of internet-exposed instances of Apache Superset – at least 2000 (two-thirds of all servers) – are running with a dangerous default configuration. This means many of these servers are effectively open to the public.

As generative AI tools like OpenAI ChatGPT and Google Bard continue to dominate the headlines—and pundits debate whether the technology has taken off too quickly without necessary guardrails—cybercriminals are showing no hesitance in exploiting them.