• Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S.
  • CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats CISA called out Iranian threat actors affiliated with the (IRGC) for exploiting operational technology devices with default passwords to gain access to critical infrastructure systems in the U.S.
  • Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware.
  • Information stealing malware on undocumented Google OAuth endpoint Named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset.
  • SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from arbitrary email addresses, allowing targeted phishing attacks.
  • Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild Users are recommended to upgrade to Chrome version 120.0.6099.129/130 for Windows and 120.0.6099.129 for macOS and Linux to mitigate potential threats.