The notorious Trik botnet, aka Phorpiex, is being sold in antivirus circles, offering advanced capabilities to evade detection. This C++ botnet includes modules such as a crypto clipper, a USB emitter, and a PE infector targeting crypto wallets.

Multiple SMTP servers are vulnerable to spoofing attacks that allow hackers to bypass authentication. Two vulnerabilities, CVE-2024-7208 and CVE-2024-7209, exploit weaknesses in authentication and verification mechanisms provided by SPF and DKIM.

Ubuntu has fixed two vulnerabilities in OpenVPN, a virtual private network software. These vulnerabilities could keep the closing session active or lead to denial of service. Canonical released security updates for affected Ubuntu releases.

Cybercriminals targeted Polish businesses with Agent Tesla and Formbook malware through widespread phishing campaigns in May 2024. Small and medium-sized businesses (SMBs) in Poland, Italy, and Romania have been affected.

The Blue Report 2024 highlights alarming findings, with 40% of environments vulnerable to total takeover, emphasizing the importance of cybersecurity. Prevention effectiveness has improved to 69%, but detection effectiveness has dropped to 12%.

TrustedSec released a post-exploitation framework called "Specula", which exploits CVE-2017-11774 to create a custom Outlook Home Page using WebView and execute arbitrary commands on compromised Windows systems.

Initially detected in May 2020 by Bitdefender, Mandrake went undetected for four years. In April 2024, Kaspersky identified a new variant hidden in five Google Play apps from 2022 to 2024.

Initially relying on Qakbot botnet infections, UNC4393 now uses custom malware and diverse access techniques after the crackdown on Qakbot. They have quick reconnaissance and encryption objectives, with a median time of 42 hours to ransomware.

Breaches impacted 17 industries across 16 countries and regions, with costs related to detecting breaches, notifying victims, post-breach response efforts, and lost business.

A bug hunter discovered a bypass in Meta's Prompt-Guard-86M model by inserting character-wise spaces between English alphabet characters, rendering the classifier ineffective in detecting harmful content.