This week’s roundup covers attackers abusing AI chatbot and SEO recommendations to spread fake utilities, deploy ScreenConnect, and run GPU-focused cryptocurrency miners, alongside a new Grandoreiro banking trojan campaign and The Gentlemen ransomware’s self-propagating Go encryptor. It also highlights exposed Automatic Tank Gauge systems, a Hola Browser supply-chain miner, Ultrahuman’s data breach, and a critical unpatched Comodo firewall flaw dubbed ComoDoS.

#Grandoreiro #TheGentlemen #Storm-2697 #ScreenConnect #Ultrahuman #HolaBrowser #ComodoInternetSecurity #AutomaticTankGauge
Key points
- Attackers used SEO and AI chatbot recommendations to push fake utilities and deploy miners.
- Grandoreiro targeted financial institutions in Portugal and Latin America through DLL side-loading.
- The Gentlemen ransomware used a self-propagating Go encryptor with SYSTEM-level scheduled tasks.
- CISA and other agencies warned about internet-exposed Automatic Tank Gauge systems being actively exploited.
- Researchers disclosed ComoDoS, an unpatched Comodo Internet Security flaw that can crash Windows endpoints.