China has been regarded by FBI Deputy Assistant Director Cynthia Kaiser to be the leading threat faced by U.S. critical infrastructure, with its state-backed threat operations leveraging artificial intelligence to facilitate increasingly efficient cyber intrusions, reports The Register.

BleepingComputer reports that internet-exposed Git configuration files which could contain account credentials, access tokens, branch information, remote repository URLs, and automation scripts have been scanned by almost 4,800 unique IP addresses daily between April 20 and 21, amounting to the highest volume attack wave recorded since late last year.

Threat actors have leveraged the Phorpiex botnet, also known as Trik, to enable automated deployment and execution of the LockBit ransomware payload as part of a new phishing attack campaign, according to Infosecurity Magazine.

Attacks involving a Windows-based surveillance malware have been launched against multiple senior members of the World Uyghur Congress as part of a new spear-phishing campaign discovered in early March, The Hacker News reports.

Novel Gremlin Stealer malware emerges Data theft could be conducted by threat actors through the novel Gremlin Stealer malware, which has been promoted through the CoderSharp Telegram channel since mid-March, reports Infosecurity Magazine.

Ongoing intrusions leveraging a critical Qualitia flaw in Active! mail 6 and a pair of high-severity bugs in the Commvault webserver and Broadcom Brocade Fabric OS have been reported by the Cybersecurity and Infrastructure Security Agency, which urged the remediation of the issues by May 17 following their inclusion in its Known Exploited Vulnerabilities catalog, according to SecurityWeek.

More secure software development practices have prompted a decline in actively exploited zero-day vulnerabilities between 2023 and 2024, Cybersecurity Dive reports.

The Oregon Department of Environmental Quality was reported by Oregon Public Radio to have had almost 2.4 TB of data containing 1.3 million files with sensitive employee details exposed by the Rhysida ransomware gang following the agency's noncompliance with its demands, according to StateScoop.

Cybernews reports that Nova Scotia Power, which is the primary electric utility in the Canadian province, had some of its IT systems taken down following a cyberattack that resulted in the disruption of customer account access.

Russian cryptocurrency exchange Garantex which had its domains sequestered and an administrator apprehended last month is suspected to have been reborn as Grinex owing to significant associations between both platforms, BleepingComputer reports.