Cybersecurity News Review, week 10 (2025)
The latest cybersecurity newsletter highlights vulnerabilities and attacks involving multiple platforms including VMware, Microsoft, Google, and more. Key updates include the patching of critical zero-day vulnerabilities, ransomware attacks, and the rise of sophisticated malware targeting various industries. The report emphasizes the importance of cybersecurity measures to protect sensitive data and infrastructure. Affected: VMware, Microsoft, Google, Rubrik, Black Basta, Cactus, Silk Typhoon, Ethereum, Eleven11bot, Akira, Tata Technologies, AI training datasets, Lee Enterprises, critical infrastructure sectors.

Key points:

  • Broadcom patched three critical zero-day vulnerabilities in VMware products that allowed local code execution on the host.
  • Microsoft-signed driver vulnerabilities are being exploited in ransomware attacks for privilege escalation on Windows devices.
  • Google’s Android update fixes two zero-days utilized by authorities for device unlocking and accessing sensitive data.
  • Rubrik experienced a non-ransomware data breach leading to key rotations with no evidence of customer data compromise.
  • Black Basta and Cactus ransomware groups utilized BackConnect malware to stage advanced social engineering attacks.
  • Silk Typhoon targets IT supply chain vulnerabilities to gain access for espionage activities, particularly against governmental and IT sectors.
  • Malicious PyPI package ‘set-utils’ detected, exfiltrating Ethereum private keys from developers.
  • Eleven11bot botnet infects IoT devices for DDoS attacks, leveraging weak credentials.
  • Akira ransomware gang bypasses EDR by using unprotected webcams to execute attacks.
  • Malvertising campaign impacted over 1 million PCs, utilizing GitHub to deploy malware.
  • BadBox Android malware botnet, which infected over 1 million devices globally, has been disrupted.
  • Tata Technologies targeted by ransomware group Hunters International, with 1.4TB of data at risk.
  • 12,000 valid API keys and passwords discovered in AI training datasets, raising security concerns.
  • Qilin cyber gang claims responsibility for the Lee Enterprises data breach, threatening to publish stolen data.
  • ENISA identified 6 critical infrastructure sectors struggling with NIS2 compliance.
  • U.S. Cyber Command directed to stand down on planning against Russia, potentially increasing risks.

Full Story: https://medium.com/ml4den/cybersecurity-news-review-week-10-2025-1af8fb04c712?source=rss------cybersecurity-5