Social engineering, or fooling people into doing bad actions, is one of the most successful attack methods of cybercriminals. Building on success, they have a new way to do it and gain access to company systems and steal money.
Attackers have shown that no technical skill is needed to perpetrate a significant cyber compromise. Social engineering, the art of convincing people that you are authorized to get confidential information, is enough.
CrushFTP is a file transfer package used by many companies. By exploiting a zero-day vulnerability attackers have been able to gain access and even execute code. Install the patch now.
Another instance of fake updates being used to spread malware. Be very careful before accepting the updates.
Using a vulnerability known about for at least 18 months attackers have been able to compromise systems and even escalate privileges to steal credentials.