Ransomware operations are experiencing a decline in profitability due to various factors such as increased cyber resilience of organizations, the availability of decryptors, and more frequent law enforcement actions.

While there are many MSP-related threats out there, the reality is not as dire as one might think

The attackers exploited two zero-day vulnerabilities in Ivanti Connect Secure to gain initial access to MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE) in late December 2023.

Identified by analysts in 2022, the hackers use social engineering to lure users into giving up their login credentials or one-time password codes to bypass multifactor authentication.

WPScan observed in April increased exploitation activity against WordPress sites with versions of the plugin older than 5.7.0.1, which are vulnerable to a high-severity (8.8) unauthenticated cross-site scripting flaw tracked as CVE-2023-40000.

The FBI, UK National Crime Agency, and Europol have unmasked the identity of the admin of the LockBit ransomware operation, aka ‘LockBitSupp’ and ‘putinkrab’, and issued sanctions against him.

A critical remote code execution (RCE) flaw, CVE-2023-49606, was found affecting nearly 52,000 Tinyproxy servers. This vulnerability was disclosed by Cisco Talos in December 2023, impacting versions 1.11.1 and 1.10.0 of Tinyproxy.

A high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites. The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, CVSS score: 8.3) has been leveraged to set up bogus admin users with the names wpsupp‑user 

AT&T has split its cybersecurity services business to form a new company called LevelBlue. It includes AT&T’s managed security services business, cybersecurity consulting business, and assets from the acquisition of AlienVault in 2018.