France and Europol's joint operation to dismantle the PlugX worm botnet, which has infected millions of devices worldwide, used a disinfection solution developed by Sekoia.io.
The vulnerability stems from affected devices shipping with a Platform Key generated by American Megatrends International and tagged "DO NOT TRUST", which the device vendors should have replaced with their own key before shipping, according to a report from the Binarly Research Team.
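A check a practitioner would want after reading this: on Linux the Platform Key is exposed through efivarfs as the variable PK under the EFI global variable GUID 8be4df61-93ca-11d2-aa0d-00e098032b8c, and its value is a sequence of EFI_SIGNATURE_LIST structures. The Python below is an added example written for this page, not Binarly's tooling; it parses that structure, extracts each X.509 payload and flags any certificate whose DER bytes contain the "DO NOT TRUST" marker. The sample variable contents, the owner GUID and the certificate blobs are constructed stand-ins (not real DER certificates); the efivars path and the 4-byte attribute prefix follow the Linux efivarfs layout.

```python
import os
import struct
import uuid

# EFI_CERT_X509_GUID from the UEFI specification: marks an X.509 DER entry.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# PK lives under EFI_GLOBAL_VARIABLE; efivarfs names files <Name>-<GUID>.
PK_EFIVAR_PATH = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"
# The marker that the untrusted test Platform Key carries in its subject.
UNTRUSTED_MARKER = b"DO NOT TRUST"
# Constructed SignatureOwner GUID used only to build the sample data below.
SAMPLE_OWNER_GUID = uuid.UUID("11111111-2222-3333-4444-555555555555")


def read_efivar_payload(raw: bytes) -> bytes:
    """efivarfs prefixes every variable with 4 bytes of attributes; drop them."""
    if len(raw) < 4:
        raise ValueError("efivar too short to carry an attribute prefix")
    return raw[4:]


def parse_signature_lists(data: bytes):
    """Yield (SignatureType GUID, SignatureData bytes) for every entry in a
    concatenation of EFI_SIGNATURE_LIST structures.

    Layout per list: SignatureType (16) | SignatureListSize (4) |
    SignatureHeaderSize (4) | SignatureSize (4) | SignatureHeader |
    N x EFI_SIGNATURE_DATA, each = SignatureOwner (16) | SignatureData.
    """
    off = 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        end = off + list_size
        if list_size < 28 or end > len(data) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        pos = off + 28 + hdr_size
        while pos + sig_size <= end:
            yield sig_type, data[pos + 16:pos + sig_size]
            pos += sig_size
        off = end


def find_untrusted_pk(raw_efivar: bytes) -> list:
    """Return the X.509 payloads in a PK variable that carry the marker."""
    hits = []
    for sig_type, payload in parse_signature_lists(read_efivar_payload(raw_efivar)):
        if sig_type == EFI_CERT_X509_GUID and UNTRUSTED_MARKER in payload:
            hits.append(payload)
    return hits


def build_signature_list(sig_type: uuid.UUID, payloads) -> bytes:
    """Pack equally sized payloads into one EFI_SIGNATURE_LIST (used to build
    the constructed sample; real PK values come from firmware, not this)."""
    sizes = {len(p) for p in payloads}
    if len(sizes) != 1:
        raise ValueError("all entries in one list must share a SignatureSize")
    sig_size = 16 + sizes.pop()
    body = b"".join(SAMPLE_OWNER_GUID.bytes_le + p for p in payloads)
    return sig_type.bytes_le + struct.pack("<III", 28 + len(body), 0, sig_size) + body


# Constructed certificate stand-ins: a DER-looking prefix plus a subject string.
# Not real certificates; a real X.509 DER carries the subject CN as plain bytes,
# so the same substring check applies to it.
FAKE_TEST_PK = b"\x30\x82" + b"CN=DO NOT TRUST - constructed sample key"
FAKE_VENDOR_PK = b"\x30\x82" + b"CN=Constructed Vendor Platform Key 2024"

# Constructed efivar contents: 4-byte attributes followed by the signature lists.
EFIVAR_ATTRS = struct.pack("<I", 0x7)
SAMPLE_PK_EFIVAR = EFIVAR_ATTRS + build_signature_list(EFI_CERT_X509_GUID, [FAKE_TEST_PK])
VENDOR_PK_EFIVAR = EFIVAR_ATTRS + build_signature_list(EFI_CERT_X509_GUID, [FAKE_VENDOR_PK])
MIXED_PK_EFIVAR = (EFIVAR_ATTRS
                   + build_signature_list(EFI_CERT_X509_GUID, [FAKE_VENDOR_PK])
                   + build_signature_list(EFI_CERT_X509_GUID, [FAKE_TEST_PK]))


def check_live_pk(path: str = PK_EFIVAR_PATH) -> list:
    """Read the machine's PK variable if present; empty list when absent."""
    if not os.path.exists(path):
        return []
    with open(path, "rb") as f:
        return find_untrusted_pk(f.read())


if __name__ == "__main__":
    print("constructed sample flagged:", bool(find_untrusted_pk(SAMPLE_PK_EFIVAR)))
    hits = check_live_pk()
    print("live PK untrusted entries:", len(hits))
```

Secure Boot accepts anything signed by whoever holds the private half of this PK, so a hit here means the KEK and db chain below it can be rewritten by anyone with the leaked test key; the remedy is a vendor firmware update that installs a vendor-owned PK, not just re-enabling Secure Boot.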
Information exposed in the hacking incident revealed not only every device infected with Spytech spyware, most of them Windows PCs, but also their unencrypted activity logs.
The intrusions used the domain crowdstrike-office365[.]com to lure users into downloading a purported recovery tool for the update-related boot loop issues; the download instead delivers a malware loader.
Stargazer Goblin used these GitHub ghost accounts to lend legitimacy to hundreds of repositories touted as being for social media, gaming, and cryptocurrency, according to a Check Point Research report.