Rapid7

Malware Campaign Lures Users With Fake W2 Form

A malicious campaign targeting users searching for W2 forms began on June 21, 2024, with a JavaScript file dropping a Brute Ratel Badger DLL into the user's AppData. This initiated the installation of a Latrodectus backdoor.

Authentication Bypasses in MOVEit Transfer and MOVEit Gateway

A critical vulnerability, CVE-2024-5806, has been found in MOVEit Transfer, a widely deployed managed file transfer product. The flaw, in the product's SFTP service, allows attackers to bypass authentication checks and gain administrative access by sending manipulated requests.

Malvertising Campaign Leads to Execution of Oyster Backdoor

Oyster is a backdoor that collects host information, communicates with command-and-control (C2) servers, and allows remote code execution. It was first documented in September 2023 by IBM researchers and gained the nickname "CleanUpLoader" in February.

Ongoing Malvertising Campaign leads to Ransomware

Cybercriminals have trojanized installers for popular administration tools such as WinSCP and PuTTY to deliver ransomware, tricking users into downloading malicious installers that infect their systems with a Sliver beacon and other malicious payloads.

Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators

The threat actors then call the affected users, posing as members of the organization's IT team, and attempt to socially engineer them into granting remote access to their computers through legitimate RMM solutions.
March 25, 2024

Updated APT Playbook of North Korean Kimsuky Threat Group

The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting its tactics, leveraging Compiled HTML Help (CHM) files as vectors to deliver malware for harvesting sensitive data.

Multiple Vulnerabilities in South River Technologies' Titan MFT and Titan SFTP Servers Fixed

These include authenticated remote code execution via "zip slip" (archive entries whose names traverse out of the extraction directory) and WebDAV path traversal, session fixation on the remote administration server, information disclosure via path traversal on FTP, and information disclosure in the admin interface.
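The two traversal classes named above, as an added example that is not Rapid7's, South River Technologies' or Titan MFT's code and does not reproduce the specific Titan defects: a constructed archive with a `../../` entry, the hand-rolled extraction loop that honours it beside a hardened extractor that rejects it, and a containment check for a WebDAV-style request path that decodes percent-encoding before comparing against the web root. The archive contents, directory layout and request paths are all constructed for the demonstration.

```python
"""Added example: zip slip and path traversal, vulnerable and hardened forms.

Constructed sample data only; this is not Titan MFT code and does not reproduce
its specific defects. The web-root and archive layout are assumptions.
"""
import io
import os
import tempfile
import zipfile
from typing import Optional
from urllib.parse import unquote


def build_malicious_zip() -> bytes:
    """Construct, in memory, an archive with one benign entry and one zip-slip entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content\n")
        # The traversal entry: an extractor that joins raw names onto the
        # destination writes this two levels above the extraction directory.
        zf.writestr("../../escaped.txt", "written outside the extraction root\n")
    return buf.getvalue()


def _inside(root: str, candidate: str) -> bool:
    """True if candidate (already resolved with realpath) is root or lies beneath it."""
    try:
        return os.path.commonpath([root, candidate]) == root
    except ValueError:  # different drives on Windows: certainly not inside
        return False


def extract_vulnerable(data: bytes, dest: str) -> list:
    """Naive extraction loop: trusts entry names, so '../' in a name is honoured.

    (ZipFile.extractall() itself strips leading '..' components; the bug appears in
    code that reads members by hand and joins the raw name onto the destination.)
    """
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            out = os.path.join(dest, info.filename)  # '..' survives this join
            os.makedirs(os.path.dirname(out), exist_ok=True)
            with open(out, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.realpath(out))
    return written


def extract_safe(data: bytes, dest: str) -> tuple:
    """Hardened extraction: resolve each target and require it to stay under dest."""
    root = os.path.realpath(dest)
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(root, info.filename))
            if not _inside(root, target):
                rejected.append(info.filename)  # record and skip; never write it
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written, rejected


def resolve_request_path(web_root: str, request_path: str) -> Optional[str]:
    """Map a WebDAV/HTTP request path to a file under web_root, or None if it escapes.

    Percent-decoding happens before the containment check so that '%2e%2e' is
    caught, and backslashes are treated as separators as Windows would.
    """
    root = os.path.realpath(web_root)
    decoded = unquote(request_path).replace("\\", "/")
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    return candidate if _inside(root, candidate) else None


def demo() -> dict:
    """Run both extractors against the constructed archive inside a temp tree."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        dest = os.path.join(tmp, "app", "uploads", "extracted")
        os.makedirs(dest)
        data = build_malicious_zip()

        extract_vulnerable(data, dest)
        escaped = os.path.join(tmp, "app", "escaped.txt")  # two levels above dest
        vuln_escaped = os.path.isfile(escaped)

        safe_written, rejected = extract_safe(data, dest)

        return {
            "vulnerable_wrote_outside": vuln_escaped,
            "safe_written": [os.path.relpath(p, dest) for p in safe_written],
            "safe_rejected": rejected,
            "webdav_ok": resolve_request_path(dest, "docs/readme.txt") is not None,
            "webdav_dotdot": resolve_request_path(dest, "/../../../etc/passwd"),
            "webdav_encoded": resolve_request_path(dest, "%2e%2e/%2e%2e/secret"),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The containment test is done on the resolved path, not on the string: stripping `..` from a name is not enough when symlinks or percent-encoded separators are in play, and an absolute entry name or a second drive letter is rejected by the same comparison.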

Driver-Based Attacks: Past and Present

In the attack technique called Bring Your Own Vulnerable Driver (BYOVD), an adversary who already holds administrative privileges installs a legitimately signed driver that contains a known vulnerability. The kernel loads it because its signature checks out, and the adversary then exploits the driver's flaw from user mode to run code in the kernel, typically to disable endpoint security tooling.

2020 InfoSec Naughty List: Cyberattacks by Country

The list, by Rapid7, is focused on the top offenders for the last half of the year and provides a smoothed trending view (vs. discrete daily counts) to help you make your Naughty/Nice inclusion decisions.
