Category: bleepingcomputer

China-linked hackers exploited Lanscope flaw as a zero-day in attacks China-linked cyber-espionage actors tracked as ‘Bronze Butler’ (Tick) exploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to deploy an updated version of their Gokcpdoor malware. […] Bill Toulas Go to bleepingcomputer

‘We got hacked’ emails threaten to leak University of Pennsylvania data The University of Pennsylvania suffered a cybersecurity incident on Friday, where students and alumni received a series of offensive emails from various University email addresses, claiming that data was stolen in a breach. […] Lawrence Abrams Go to bleepingcomputer

Australia warns of BadCandy infections on unpatched Cisco devices The Australian government is warning about ongoing cyberattacks against unpatched Cisco IOS XE devices in the country to infect routers with the BadCandy webshell. […] Bill Toulas Go to bleepingcomputer

Why password controls still matter in cybersecurity Passwords still matter — and weak policies leave the door wide open. Specops Software explains how longer passphrases, smarter banned-password lists, and adaptive rotation strategies can strengthen security without frustrating users. […] Sponsored by Specops Software Go to bleepingcomputer

Ukrainian extradited from Ireland on Conti ransomware charges A Ukrainian national believed to be a member of the Conti ransomware operation has been extradited to the United States and faces charges that could get him 25 years in prison. […] Sergiu Gatlan Go to bleepingcomputer

CISA orders feds to patch VMware Tools flaw exploited by Chinese hackers CISA has ordered federal agencies to patch a high-severity vulnerability in Broadcom’s VMware Aria Operations and VMware Tools software, exploited by Chinese hackers since October 2024. […] Sergiu Gatlan Go to bleepingcomputer

Major telecom services provider Ribbon breached by state hackers Ribbon Communications, a provider of telecommunications services to the U.S. government and telecom companies worldwide, revealed that nation-state hackers breached its IT network as early as December 2024. […] Sergiu Gatlan Go to bleepingcomputer

Malicious NPM packages fetch infostealer for Windows, Linux, macOS Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. […] Bill Toulas Go to bleepingcomputer

WordPress security plugin exposes private data to site subscribers The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information. […] Bill Toulas Go to bleepingcomputer

Advertising giant Dentsu reports data breach at subsidiary Merkle Japanese advertising giant Dentsu has disclosed that its U.S.-based subsidiary Merkle suffered a cybersecurity incident  that exposed staff and client data. […] Bill Toulas Go to bleepingcomputer

CISA warns of two more actively exploited Dassault vulnerabilities The Cybersecurity & Infrastructure Security Agency (CISA) warned today that attackers are actively exploiting two vulnerabilities in Dassault Systèmes’ DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution. […] Sergiu Gatlan Go to bleepingcomputer

Qilin ransomware abuses WSL to run Linux encryptors in Windows The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools. […] Lawrence Abrams Go to bleepingcomputer

Google disputes false claims of massive Gmail data breach Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accounts. […] Lawrence Abrams Go to bleepingcomputer

X: Re-enroll 2FA security keys by November 10 or get locked out X is warning that users must re-enroll their security keys or passkeys for two-factor authentication (2FA) before November 10 or they will be locked out of their accounts until they do so. […] Lawrence Abrams Go to bleepingcomputer

Ransomware profits drop as victims stop paying hackers The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers’ demands. […] Bill Toulas Go to bleepingcomputer

QNAP warns of critical ASP.NET flaw in its Windows backup software QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company’s NetBak PC Agent, a Windows utility for backing& up data to a QNAP network-attached storage (NAS) device. […] Sergiu Gatlan Go to bleepingcomputer

Hackers steal Discord accounts with RedTiger-based infostealer Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. […] Bill Toulas Go to bleepingcomputer

Hackers launch mass attacks exploiting outdated WordPress plugins A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE). […] Bill Toulas Go to bleepingcomputer

How to reduce costs with self-service password resets Password resets account for nearly 40% of IT help desk calls, costing orgs time and money. Specops Software’s uReset lets users securely reset passwords with flexible MFA options like Duo, Okta, and Yubikey while enforcing identity verification to stop misuse. […] Sponsored by Specops Software Go to…

Hackers earn $1,024,750 for 73 zero-days at Pwn2Own Ireland ​The Pwn2Own Ireland 2025 hacking competition has ended with security researchers collecting $1,024,750 in cash awards after exploiting 73 zero-day vulnerabilities. […] Sergiu Gatlan Go to bleepingcomputer

Toys “R” Us Canada warns customers’ info leaked in data breach Toys “R” Us Canada has sent notices of a data breach to customers informing them of a security incident where threat actors leaked customer records they had previously stolen from its systems. […] Bill Toulas Go to bleepingcomputer

Iranian hackers targeted over 100 govt orgs with Phoenix backdoor State-sponsored Iranian hacker group MuddyWater has targeted more than 100 government entities in attacks that deployed version 4 of the Phoenix backdoor. […] Bill Toulas Go to bleepingcomputer

Pwn2Own Day 2: Hackers exploit 56 zero-days for $790,000 Security researchers collected $792,750 in cash after exploiting 56​​​​​​​ unique zero-day vulnerabilities during the second day of the Pwn2Own Ireland 2025 hacking competition. […] Sergiu Gatlan Go to bleepingcomputer

Hackers exploiting critical “SessionReaper” flaw in Adobe Magento Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded. […] Bill Toulas Go to bleepingcomputer

TARmageddon flaw in abandoned Rust library enables RCE attacks A high-severity vulnerability in the now-abandoned async-tar Rust library and its forks can be exploited to gain remote code execution on systems running unpatched software. […] Sergiu Gatlan Go to bleepingcomputer

Meta launches new anti-scam tools for WhatsApp and Messenger Meta has announced new tools to help WhatsApp and Messenger users protect themselves from potential scams and secure their accounts. […] Sergiu Gatlan Go to bleepingcomputer

Vidar Stealer 2.0 adds multi-threaded data theft, better evasion The operators of Vidar Stealer, one of the most successful malware-as-a-service (MaaS) operations of the past decade, have released a new major version to reflect massive improvements in the malware. […] Bill Toulas Go to bleepingcomputer

TP-Link warns of critical command injection flaw in Omada gateways TP-Link has made firmware updates available for a broad range of Omada gateway models to address four vulnerabilities, among which a critical pre-auth OS command injection. […] Bill Toulas Go to bleepingcomputer

CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw CISA has confirmed that an Oracle E-Business Suite flaw tracked as CVE-2025-61884 is being exploited in attacks, adding it to its Known Exploited Vulnerabilities catalog. […] Lawrence Abrams Go to bleepingcomputer

Hackers exploit 34 zero-days on first day of Pwn2Own Ireland On the first day of Pwn2Own Ireland 2025, security researchers exploited 34 unique zero-days and collected $522,500 in cash awards. […] Sergiu Gatlan Go to bleepingcomputer

Retail giant Muji halts online sales after ransomware attack on supplier Japanese retail company Muji has taken offline its store due to a logistics outage caused by a ransomware attack at its delivery partner, Askul. […] Bill Toulas Go to bleepingcomputer

Over 75,000 WatchGuard security devices vulnerable to critical RCE Nearly 76,000 WatchGuard Firebox network security appliances are exposed on the public web and still vulnerable to a critical issue (CVE-2025-9242) that could allow a remote attacker to execute code without authentication. […] Bill Toulas Go to bleepingcomputer

ConnectWise fixes Automate bug allowing AiTM update attacks ConnectWise released a security update to address vulnerabilities, one of them with critical severity, in Automate product that could expose sensitive communications to interception and modification. […] Bill Toulas Go to bleepingcomputer

American Airlines subsidiary Envoy confirms Oracle data theft attack Envoy Air, a regional airline carrier owned by American Airlines, confirms that data was compromised from its Oracle E-Business Suite application after the Clop extortion gang listed American Airlines on its data leak site. […] Lawrence Abrams Go to bleepingcomputer

Europol dismantles SIM box operation renting numbers for cybercrime European law enforcement in an operation codenamed ‘SIMCARTEL’ has dismantled an illegal SIM-box service that enabled more than 3,200 fraud cases and caused at least 4.5 million euros in losses. […] Bill Toulas Go to bleepingcomputer

Auction giant Sotheby’s says data breach exposed financial information Major international auction house Sotheby’s is notifying individuals of a data breach incident on its systems where threat actors stole sensitive information, including financial details. […] Bill Toulas Go to bleepingcomputer

Have I Been Pwned: Prosper data breach impacts 17.6 million accounts Hackers stole the personal information of over 17.6 million people after breaching the systems of financial services company Prosper. […] Sergiu Gatlan Go to bleepingcomputer

Hackers exploit Cisco SNMP flaw to deploy rootkit on switches Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in older, unprotected Cisco networking devices to deploy a Linux rootkit and gain persistent access. […] Bill Toulas Go to bleepingcomputer

PowerSchool hacker gets sentenced to four years in prison 19-year-old college student Matthew D. Lane, from Worcester, Massachusetts, was sentenced to 4 years in prison for orchestrating a cyberattack on PowerSchool in December 2024 that resulted in a massive data breach. […] Sergiu Gatlan Go to bleepingcomputer

Fake LastPass, Bitwarden breach alerts lead to PC hijacks An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager. […] Bill Toulas Go to bleepingcomputer

F5 releases BIG-IP patches for stolen security vulnerabilities Cybersecurity company F5 has released security updates to address BIG-IP vulnerabilities stolen in a breach detected on August 9, 2025. […] Sergiu Gatlan Go to bleepingcomputer

Malicious crypto-stealing VSCode extensions resurface on OpenVSX A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft’s Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and plant backdoors. […] Bill Toulas Go to bleepingcomputer

Massive multi-country botnet targets RDP services in the US A large-scale botnet is targeting Remote Desktop Protocol (RDP) services in the United States from more than 100,000 IP addresses. […] Bill Toulas Go to bleepingcomputer

SonicWall VPN accounts breached using stolen creds in widespread attacks Researchers warn that threat actors have compromised more than a hundred SonicWall SSLVPN accounts in a large-scale campaign using stolen, valid credentials. […] Bill Toulas Go to bleepingcomputer

Fake ‘Inflation Refund’ texts target New Yorkers in new scam An ongoing smishing campaign is targeting New Yorkers with text messages posing as the Department of Taxation and Finance, claiming to offer “Inflation Refunds” in an attempt to steal victims’ personal and financial data. […] Lawrence Abrams Go to bleepingcomputer

Hackers exploiting zero-day in Gladinet file sharing software Threat actors are exploiting a zero-day vulnerability (CVE-2025-11371) in Gladinet CentreStack and Triofox products, which allows a local attacker to access system files without authentication. […] Bill Toulas Go to bleepingcomputer

Cybersecurity For Dummies, 3rd Edition eBook FREE for a Limited Time In today’s hyper-connected world, cyber threats are more sophisticated and frequent than ever – ransomware, data breaches, and social engineering scams, targeting everyone from individuals to Fortune 500 companies. Right now, you can grab “Cybersecurity For Dummies, 3rd Edition” – a $29.99 value –…

Apple now offers $2 million for zero-click RCE vulnerabilities Apple is announcing a major expansion and redesign of its bug bounty program, doubling maximum payouts, adding new research categories, and introducing a more transparent reward structure. […] Bill Toulas Go to bleepingcomputer

Hackers now use Velociraptor DFIR tool in ransomware attacks Threat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy LockBit and Babuk ransomware. […] Bill Toulas Go to bleepingcomputer

Hackers claim Discord breach exposed data of 5.5 million users Discord says they will not be negotiating with threat actors who claim to have stolen the data of 5.5 million unique users from the company’s Zendesk support system instance, including government IDs and partial payment information for some people. […] Lawrence Abrams Go to bleepingcomputer

New FileFix attack uses cache smuggling to evade security software A new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto a victim’s system and bypassing security software. […] Lawrence Abrams Go to bleepingcomputer

Qilin ransomware claims Asahi brewery attack, leaks data The Qilin ransomware group has claimed responsibility for the attack at Japanese beer maker Asahi, adding the company to its extortion page on the dark web yesterday. […] Bill Toulas Go to bleepingcomputer