While email correspondences between the Congressional Research Service and other Library staff and certain congressional offices between January and September had been compromised, such an intrusion — which was initially reported by NBC News — did not affect the House and Senate's IT networks and respective email accounts.
While SVG primarily enables the crafting of images using text, lines, and shapes in code rather than pixels, such files could also be utilized to show HTML and facilitate JavaScript execution in credential-stealing phishing forms.
Malicious emails purporting to be invoices that contain ZIP attachments have been delivered to facilitate the execution of a WebDAV-retrieved DLL that loads the updated Strela Stealer variant.
The U.S. Department of Justice announced that Nigerian hacker Kolade Akinwale Ojelade has been sentenced to more than 26 years imprisonment for his involvement in a massive phishing scam against real estate businesses that resulted in the theft of $12 million.
Attackers targeted a government organization in a country part of the Commonwealth of Independent States with an email containing a concealed attached document and distinct tags within its body that facilitate arbitrary JavaScript execution.
Malicious emails alerting of state-sponsored intrusions have been sent to lure organizations' cybersecurity teams into downloading the fraudulent "ESET Unleashed program," which features several ESET DLLs and would enable file and data deletion upon execution.
