It's been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.

Cybersecurity Breaches and Threats

• ⚠️ Internet Archive (Archive.org) suffers its second breach this month, exposing support tickets via unrotated Zendesk credentials. (Published on 10/21/2024, Hack Read). Read More

• 🔧 VMware patches another remote code execution flaw exploited during a Chinese hacking contest in June 2024. (Published on 10/21/2024, SecurityWeek). Read More

• 🛑 Cybercriminals use anti-bot services to bypass Chrome’s "Red Page" phishing warnings, increasing risks for users. (Published on 10/21/2024, Dark Reading). Read More

• 🔓 Proof-of-concept exploit code for a Windows NTLM relay attack is publicly available, enabling attackers to take over domains. (Published on 10/22/2024, BleepingComputer). Read More

• 🦠 Bumblebee and Latrodectus malware return in new phishing campaigns after earlier setbacks from law enforcement. (Published on 10/22/2024, The Hacker News). Read More

• 📱 Google warns of a zero-day flaw in Samsung processors exploited in the wild for arbitrary code execution. (Published on 10/22/2024, SecurityWeek). Read More

• 🚨 Fortinet discloses a critical FortiManager flaw exploited in zero-day attacks to steal sensitive configuration data. (Published on 10/23/2024, BleepingComputer). Read More

• 🎮 Lazarus Group exploits a Chrome zero-day in a campaign targeting cryptocurrency investors using AI-generated content. (Published on 10/23/2024, Dark Reading). Read More

• 🏦 New variants of Grandoreiro banking malware emerge with enhanced evasion techniques, continuing to attack users globally. (Published on 10/23/2024, The Hacker News). Read More

• 🔒 The Internet Archive continues to face cyberattacks, hampering its recovery from recent breaches. (Published on 10/24/2024, InformationWeek). Read More

Emerging Techniques and Trends

• 🤖 AI chatbots can now be tricked into generating restricted content using a new jailbreak technique called the "Deceptive Delight" cocktail. (Published on 10/24/2024, Dark Reading). Read More

• ⚡ Third-party vendors account for 45% of breaches in the U.S. energy sector, highlighting critical supply chain vulnerabilities. (Published on 10/24/2024, Malware.News). Read More

• 🛡️ Amazon seizes domains used by Russian APT29 in targeted attacks against government and military organizations. (Published on 10/25/2024, BleepingComputer). Read More

• 💻 Researchers discover a command injection flaw in Wi-Fi Alliance’s Test Suite, enabling attackers to execute code with elevated privileges. (Published on 10/25/2024, The Hacker News). Read More

• 🔨 The Linux Kernel Project removes 11 Russian developers over U.S. sanctions, potentially impacting project development. (Published on 10/25/2024, Hack Read). Read More

Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!