API security

Malicious .ISO and .IMG attachments within phishing emails delivered by RedCurl trigger a multi-stage attack that runs an executable to enable curl utility downloading and loader delivery.

Such newly secured funds, obtained from Schneider Electric, Mitsubishi Electric, and Samsung, among others, will be allocated toward global go-to-market support and product development initiatives.

Threat actors behind the campaign have sent malicious emails with a PDF attachment containing a link that redirects to a breached web server housing an internet shortcut file.

The software giant urged users to prioritize patching the RCE and DoS vulnerabilities but said neither had been actively exploited.

Fixes have been issued by Microsoft for at least 60 security issues impacting several of its offerings as part of this month's Patch Tuesday.

Seven malicious Python Package Index packages, which amassed nearly 7,500 downloads prior to their removal, have been leveraged by threat actors to facilitate the exfiltration of cryptocurrency wallet recovery passwords.

Despite the elevated number of potentially vulnerable Fortinet instances, most of which were in the U.S. and India.

Threat actors were able to access patients' medical and health insurance details, as well as their birthdates and addresses, noted UT Southwestern in a filing with the Office of the Texas Attorney General.