The LeakNet ransomware group has adopted the ClickFix social engineering technique to infiltrate corporate environments. Utilizing a Deno runtime for in-memory loading, this method allows for stealthy deployment, bypassing traditional detection mechanisms. Security teams should be aware of this evolving threat and update their detection strategies to identify such in-memory execution techniques.
The GlassWorm supply chain attack has resurfaced, targeting over 400 code repositories on platforms like GitHub, npm, VSCode, and OpenVSX. This coordinated attack injects malicious code into legitimate projects, posing significant risks to developers and end-users. Security teams must audit dependencies regularly and employ tools to detect unauthorized changes in codebases.
Apple has issued security updates for iOS, iPadOS, and macOS to address a critical WebKit vulnerability. The flaw, which could allow attackers to execute arbitrary code, affects Safari and other WebKit-based applications. Users are urged to update their devices immediately to mitigate potential exploitation risks.
STAY UPDATED
Daily security digest, straight to your inbox.