JavaGhost Phishing Campaigns Exploit AWS Misconfigurations to Send Emails from Trusted Domains

A sophisticated phishing campaign is exploiting AWS misconfigurations to send emails from trusted domains using Amazon SES and WorkMail. Learn how attackers gain access, evade detection, and persist in compromised AWS environments.

Microsoft Details Silk Typhoon’s IT Supply Chain Attacks

Downstream victims of Silk Typhoon's supply-chain attacks were largely focused in the state and local government as well as the IT sector.

VMware Patches Three Actively Exploited Bugs

🎓️ Vulnerable U | #105

Apple removes major encryption feature from UK, Palo Alto Networks and CrowdStrike put out awesome attacker stats reports, Major background check company breached, and much more!

FBI: North Korea Behind $1.5 Billion Bybit Cryptocurrency Exchange Heist

More details behind the Bybit $1.5 billion hack, which occurred on Feb. 21 and is the largest digital heist in the history of cryptocurrency, continued to emerge this week.

Google Reports Uptick in Higher Education Phishing Attacks

The attacks, which started to increase around August 2024, have used an array of tactics to trick students, faculty and staff

DISA Says Data Breach Affects 3.3 Million People

Apple Halts Advanced Data Protection in the UK

The decision does not affect customers outside the UK

🎓️ Vulnerable U | #104

New info on US Treasury hack, Russia with new phishing techniques, macOS malware updates, Cyber crime groups turning phishing into loaded Apple and Google wallets, and much more!

CISA and FBI: China-Linked Ghost Ransomware Targets Known Flaws

CISA and the FBI said the Ghost ransomware has compromised entities in more than 70 countries, making it a global threat.

SonicWall CVE-2024-53704 Bug Under Attack

Russian Espionage Attacks Target Signal Messenger Feature

Researchers with Mandiant are warning of an increasing wave of attacks by Russian threat actors that target victims' Signal Messenger accounts.