A federal agency server was compromised by a suspected Iranian advanced persistent threat (APT) group via the Log4j vulnerability. The threat actors breached a VMware Horizon server, installed cryptomining software, accessed the domain controller, compromised credentials, and installed a reverse proxy service. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation urged affected organizations to assume compromise and initiate threat hunting activities.
Fake Google Meet conference errors push infostealing malware
A new ClickFix campaign is using fraudulent Google Meet conference pages to lure users, showing bogus connectivity error messages that deliver info-stealing malware for Windows