Category: bleepingcomputer
-
Cisco warns of unpatched SD-WAN zero-day exploited in attacks
On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. […] Sergiu Gatlan
-
Brave Software releases Origin for a paid, bloat-free browsing experience
Brave has announced the public release of Brave Origin, a paid minimalist version of its browser that strips out cryptocurrency, AI, rewards, and other monetization-focused features. […] Lawrence Abrams
-
Hola Browser for Windows compromised to deliver cryptominer
The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. […] Bill Toulas
-
Credit card theft campaign abuses Stripe to host stolen payment info
A new Magecart campaign is using Stripe’s API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. […] Bill Toulas
-
DentaQuest data breach exposed info of 2.6 million accounts
A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. […] Bill Toulas
-
Chinese hackers use new Atlas RAT malware in European cyberattacks
A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. […] Bill Toulas
-
U.S. sanctions Nobitex crypto exchange used by Iranian ransomware actors
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran’s largest cryptocurrency exchange, for facilitating payments related to terrorist activities. […] Bill Toulas
-
CISA warns of cyberattacks targeting fuel tank monitoring systems
CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across various critical infrastructure sectors. […] Lawrence Abrams
-
New ‘HTTP/2 Bomb’ DoS attack crashes web servers in under a minute
A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. […] Bill Toulas
-
CISA warns of active attacks exploiting Android, Linux bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. […] Bill Toulas
-
Google adds Android protection against AI deepfake scam calls
Google is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user’s personal contacts. […] Sergiu Gatlan
-
VS Code zero-day lets hackers steal GitHub tokens in one click
A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link. […] Sergiu Gatlan
-
Microsoft’s Coreutils project brings Linux commands to Windows
Microsoft announced today at its Build 2026 developer conference the release of Coreutils for Windows, bringing many commonly used Linux command-line utilities to Windows as native applications. […] Lawrence Abrams
-
OpenAI upgrades GPT-5.5, as it plans to retire legacy ChatGPT models
OpenAI says it’s rolling out a new update that improves the existing GPT-5.5 Instant model, and this move comes ahead of the scheduled retirement of multiple legacy models, including o3. […] Mayank Parmar
-
Critical Kirki flaw exploited to hijack WordPress admin accounts
Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators. […] Bill Toulas
-
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks
A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. […] Bill Toulas
-
Red Hat npm packages compromised to steal developer credentials
More than 30 npm packages under Red Hat’s ‘@redhat-cloud-services’ namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed “Miasma.” […] Lawrence Abrams
-
Spain arrests doxer leaking sensitive data of govt employees
The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute (INCIBE). […] Bill Toulas
-
Dashlane password manager users locked out by brute force attacks
Multiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices. […] Bill Toulas
-
WordPress malware campaign hides payloads in Steam profiles
Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data. […] Bill Toulas
-
WP Maps Pro bug exploited to create admin accounts on WordPress sites
Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. […] Bill Toulas
-
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. […] Lawrence Abrams
-
New CIFSwitch Linux flaw gives root on multiple distributions
A newly discovered local privilege escalation vulnerability dubbed ‘CIFSwitch’ in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel’s key request mechanism, and gain root privileges. […] Bill Toulas
-
California AG sues 23andMe over 2023 breach exposing health data
California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company’s failure to protect sensitive customer genetic and personal information. […] Bill Toulas
-
ChatGPT share links abused to host fake outage pages to deliver malware
Threat actors are abusing ChatGPT’s content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. […] Lawrence Abrams
-
From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a-Service Market
DDoS attacks are increasingly being sold like subscription services, complete with pricing tiers, support, and reseller programs. Flare explores how the DDoS-as-a-Service market has evolved from scattered tools into polished attack platforms. […] Sponsored by Flare
-
Dutch govt disrupts malware botnet with 17 million infected devices
Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation. […] Bill Toulas
-
Google Chrome adds session cookie theft protection for all users
Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers. […] Sergiu Gatlan
-
Charter Communications data breach affects 4.9 million accounts
The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data breach notification service Have I Been Pwned. […] Sergiu Gatlan
-
Anthropic confirms Claude Mythos-class models will roll out to the public
Anthropic has confirmed that it plans to bring Mythos-class models to the general public after delaying the rollout due to security risks to public and private software. […] Mayank Parmar
-
GreyVibe hackers use ChatGPT, Gemini to power cyberattacks
A likely Russian threat cluster tracked as GreyVibe has been targeting Ukrainian entities with AI-generated lures and a rich set of custom malware tools. […] Bill Toulas
-
BTMOB Android malware service generates custom phishing payloads
An Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware payloads tailored to phishing lures. […] Bill Toulas
-
FBI warns of fake FIFA websites running World Cup fraud schemes
The FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, to steal personal and financial information, sell fake tickets and hospitality packages, and push other fraud related to the event. […] Bill Toulas
-
Sextortionist sentenced to 33 years for targeting 145 children
A Canadian man was sentenced to 33 years in prison after pleading guilty to targeting more than 145 children across the United States, some as young as 6 years old, in an eight-year-long sextortion scheme. […] Sergiu Gatlan
-
GPU mining malware spreads via SEO poisoning, AI chatbots
Threat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign spread through a coordinated SEO poisoning operation that also manipulated AI chatbot recommendations. […] Ionut Ilascu
-
Can you enforce strong Active Directory password rules without frustrating users?
Strong Active Directory passwords don’t have to come at the expense of usability. Specops Software explains how passphrases, breached password protection, and self-service resets can improve security without frustrating users. […] Sponsored by Specops Software
-
Glassworm botnet disrupted after resilient C2 infrastructure takedown
The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient command-and-control infrastructure relying on Solana blockchain transactions and the BitTorrent DHT network. […] Ionut Ilascu
-
FBI warns of in-person data theft attacks from extortion gang
The FBI warned on Tuesday that the Silent Ransom Group (SRG) extortion gang is now targeting U.S.-based law firms in in-person data theft attacks. […] Sergiu Gatlan
-
Dutch police arrests suspect linked to Ajax football club hack
The Dutch National Police arrested a 35-year-old man suspected of hacking the professional football club Ajax Amsterdam (AFC Ajax) earlier this year. […] Sergiu Gatlan
-
Windows 11 KB5089573 update released with performance improvements
Microsoft has released the KB5089573 preview cumulative update for Windows 11 versions 25H2 and 24H2, which comes with 30 changes, including performance and reliability improvements. […] Sergiu Gatlan
-
KnowledgeDeliver flaw exploited as a zero-day to install web shells
Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. […] Ionut Ilascu
-
Charter confirms data breach after ShinyHunters extortion threat
U.S. telecommunications giant Charter Communications has confirmed it suffered a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. […] Lawrence Abrams
-
How Varonis Atlas integrates Claude Compliance API for AI governance
AI governance requires visibility into how AI tools interact with enterprise data. Varonis explains how its Atlas platform uses Claude Compliance API data to help monitor usage, investigate risk, and support compliance. […] Sponsored by Varonis
-
CISA orders feds to patch actively exploited Drupal vulnerability
CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. […] Sergiu Gatlan
-
Microsoft: Domain Controller lookup may fail on Windows Server 2016
Microsoft has confirmed a new known issue affecting Windows Server 2016 systems that causes domain controller lookups to fail after installing the KB5087537 May 2026 security update. […] Sergiu Gatlan
-
7-Eleven data breach exposes personal information of 185,000 people
The ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking the systems of convenience store chain giant 7-Eleven in April, according to data breach notification service Have I Been Pwned. […] Sergiu Gatlan
-
Anthropic’s restricted Claude Mythos model may be coming to Claude Code
Anthropic appears to be preparing for the public rollout of the Mythos model, which was announced in April as a restricted model that poses major security risks to private and public software. […] Mayank Parmar
-
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). […] Lawrence Abrams
-
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. […] Bill Toulas
-
Laravel Lang packages hijacked to deploy credential-stealing malware
A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages. […] Lawrence Abrams
-
Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes
Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. […] Bill Toulas
-
Netherlands seizes 800 servers of hosting firm enabling cyberattacks
Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns. […] Bill Toulas
-
Former US execs plead guilty to aiding tech support scammers
Two former executives of a call-tracking and analytics company pleaded guilty to concealing a years-long tech support fraud scheme that victimized individuals worldwide. […] Sergiu Gatlan
-
Trend Micro warns of Apex One zero-day exploited in the wild
Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. […] Sergiu Gatlan
-
Drupal: Critical SQL injection flaw now targeted in attacks
Drupal is warning that hackers are attempting to exploit a “highly critical” SQL injection vulnerability announced earlier this week. […] Bill Toulas
-
Why Chargebacks are Just One Piece of the Fraud Puzzle
Fraud losses don’t stop at chargebacks. False declines, account takeovers, and abuse also damage revenue and trust. IPQS breaks down why fraud teams need broader visibility into risk and customer impact. […] Sponsored by IPQS
-
US and Canada arrest and charge suspected Kimwolf botnet admin
U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide. […] Sergiu Gatlan
-
Google accidentally exposed details of unfixed Chromium flaw
Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background even when the browser is closed, allowing remote code execution on the device. […] Bill Toulas
-
Apple blocked over $11 billion in App Store fraud in 6 years
Apple revealed that it blocked over $11 billion in fraudulent App Store transactions over the last six years, more than $2.2 billion in potentially fraudulent App Store transactions in 2025 alone. […] Sergiu Gatlan
-
Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet
Modern crypto drainers don’t hack wallets. They trick users into approving malicious transactions. Flare explores how the Lucifer DaaS platform scales wallet theft through phishing and automation. […] Sponsored by Flare
-
Chinese hackers target telcos with new Linux, Windows malware
A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows malware dubbed Showboat and JFMBackdoor, respectively. […] Bill Toulas
-
Microsoft warns of new Defender zero-days exploited in attacks
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. […] Sergiu Gatlan
-
GitHub links repo breach to TanStack npm supply-chain attack
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week’s TanStack npm supply-chain attack. […] Sergiu Gatlan
-
Ukraine identifies infostealer operator tied to 28,000 stolen accounts
The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online store in California. […] Bill Toulas
-
Hackers bypass SonicWall VPN MFA due to incomplete patching
Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks. […] Bill Toulas
-
Grafana breach caused by missed token rotation after TanStack attack
The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. […] Bill Toulas
-
GitHub confirms breach of 3,800 repos via malicious VSCode extension
GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension. […] Sergiu Gatlan
-
Microsoft shares mitigation for YellowKey Windows zero-day
Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. […] Sergiu Gatlan
-
GitHub investigates internal repositories breach claimed by TeamPCP
GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed approximately 4,000 repositories containing private code. […] Sergiu Gatlan
-
Max-severity flaw in ChromaDB for AI apps allows server hijacking
A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. […] Bill Toulas
-
Cybercrime service disrupted for abusing Microsoft platform to sign malware
Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company’s Artifact Signing service to generate fraudulent code-signing certificates used by ransomware gangs and other cybercriminals. […] Lawrence Abrams
-
INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers
More than 200 individuals were arrested for cybercrime activities during INTERPOL’s Operation Ramz, which focused on the Middle East and North Africa. […] Bill Toulas
-
SHub macOS infostealer variant spoofs Apple security updates
A new variant of the ‘SHub’ macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor. […] Bill Toulas
-
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
Many employees already use shadow AI tools at work without security review. Adaptive Security breaks down how teams can build practical AI governance without adding friction for employees. […] Sponsored by Adaptive Security
-
Leaked Shai-Hulud malware fuels new npm infostealer campaign
The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend. […] Bill Toulas
-
Grafana says stolen GitHub token let hackers steal codebase
Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token. […] Bill Toulas
-
Microsoft confirms Windows 11 security update install issues
Microsoft has confirmed that the May 2026 Windows 11 security update (KB5089549) fails to install on some systems and triggers 0x800f0922 errors. […] Sergiu Gatlan
-
Exploit available for new DirtyDecrypt Linux root escalation flaw
A recently patched local privilege escalation vulnerability in the Linux kernel’s rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. […] Sergiu Gatlan
-
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. […] Sergiu Gatlan
-
New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC released
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed “MiniPlasma” that lets attackers gain SYSTEM privileges on fully patched Windows systems. […] Lawrence Abrams
-
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. […] Bill Toulas
-
Microsoft rejects critical Azure vulnerability report, no CVE issued
A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, telling BleepingComputer the behavior was expected and that “no product changes were made,” despite the researcher documenting a silent fix.…
-
Russian hackers turn Kazuar backdoor into modular P2P botnet
The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence, stealth, and data collection. […] Bill Toulas
-
Funnel Builder WordPress plugin bug exploited to steal credit cards
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. […] Bill Toulas
-
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own
During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. […] Sergiu Gatlan
-
Popular node-ipc npm package compromised to steal credentials
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. […] Bill Toulas
-
Avada Builder WordPress plugin flaws allow site credential theft
Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database. […] Bill Toulas
-
Microsoft backpedals: Edge to stop loading passwords into memory
Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was “by design.” […] Sergiu Gatlan
-
Microsoft warns of Exchange zero-day flaw exploited in attacks
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. […] Sergiu Gatlan
-
TeamPCP hackers advertise Mistral AI code repos for sale
The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. […] Ionut Ilascu
-
Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. […] Bill Toulas
-
Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on compromised devices. […] Lawrence Abrams
-
OpenAI confirms security breach in TanStack supply chain attack
OpenAI says two employees’ devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution. […] Lawrence Abrams
-
Dell confirms its SupportAssist software causes Windows BSOD crashes
Dell confirmed that its SupportAssist software is causing blue-screen crashes on some Windows systems following a wave of user reports about random reboots affecting Dell devices since Friday. […] Sergiu Gatlan
-
US charges suspected Dream Market admin arrested in Germany
The alleged main administrator of Dream Market, one of the largest dark web marketplaces before its shutdown, has been indicted in the United States on money laundering charges. […] Sergiu Gatlan
-
New Fragnesia Linux flaw lets attackers gain root privileges
Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnesia and tracked as CVE-2026-46300) that allows attackers to run malicious code as root. […] Sergiu Gatlan
-
West Pharmaceutical says hackers stole data, encrypted systems
West Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data exfiltration and system encryption. […] Bill Toulas
-
Iranian hackers targeted major South Korean electronics maker
The Iran-linked hacking group MuddyWater (a.k.a. Seedworm, Static Kitten) launched a broad cyber-espionage campaign targeting at least nine high-profile organizations across multiple sectors and countries. […] Bill Toulas
-
US govt seeks Instructure testimony on massive Canvas cyberattack
The U.S. House Committee on Homeland Security is calling on Instructure executives to testify about two cyberattacks by the ShinyHunters extortion group that targeted the company’s Canvas platform, allowing threat actors to steal student data and disrupt schools during final exams. […] Lawrence Abrams
-
UK fines water supplier $1.3M for exposing data of 664k customers
The Information Commissioner’s Office has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 ($1.3 million) over a cyberattack that exposed the personal data of 663,887 customers and employees. […] Bill Toulas