Category: bleepingcomputer

FBI warns of UNC6040, UNC6395 hackers stealing Salesforce data The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations’ Salesforce environments to steal data and extort victims. […] Lawrence Abrams Go to bleepingcomputer

New VoidProxy phishing service targets Microsoft 365, Google accounts A newly discovered phishing-as-a-service (PhaaS) platform, named VoidProxy, targets Microsoft 365 and Google accounts, including those protected by third-party single sign-on (SSO) providers such as Okta. […] Bill Toulas Go to bleepingcomputer

‘WhiteCobra’ floods VSCode market with crypto-stealing extensions A threat actor named WhiteCobra has targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. […] Bill Toulas Go to bleepingcomputer

New HybridPetya ransomware can bypass UEFI Secure Boot A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on the EFI System Partition. […] Bill Toulas Go to bleepingcomputer

CISA warns of actively exploited Dassault RCE vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers exploiting a critical remote code execution flaw in DELMIA Apriso, a  manufacturing operations management (MOM) and execution (MES) solution from French company Dassault Systèmes. […] Bill Toulas Go to bleepingcomputer

Man gets over 4 years in prison for selling unreleased movies A Tennessee court has sentenced a Memphis man who worked for a DVD and Blu-ray manufacturing and distribution company to 57 months in prison for stealing and selling digital copies of unreleased movies. […] Sergiu Gatlan Go to bleepingcomputer

The first three things you’ll want during a cyberattack When cyberattacks hit, every second counts. Survival depends on three essentials: clarity to see what’s happening, control to contain it, and a lifeline to recover fast. Learn from Acronis TRU how MSPs and IT teams can prepare now for the difference between recovery and catastrophe. […]…

Samsung patches actively exploited zero-day reported by WhatsApp Samsung has patched a remote code execution vulnerability that was exploited in zero-day attacks targeting its Android devices. […] Sergiu Gatlan Go to bleepingcomputer

Apple warns customers targeted in recent spyware attacks Apple warned customers last week that their devices were targeted in a new series of spyware attacks, according to the French national Computer Emergency Response Team (CERT-FR). […] Sergiu Gatlan Go to bleepingcomputer

DDoS defender targeted in 1.5 Bpps denial-of-service attack A DDoS mitigation service provider in Europe was targeted in a massive distributed denial-of-service attack that reached 1.5 billion packets per second. […] Bill Toulas Go to bleepingcomputer

Windows 10 KB5065429 update includes 14 changes and fixes Microsoft has released the KB5065429 cumulative update for Windows 10 22H2 and Windows 10 21H2, with fourteen fixes or changes, including fixes for unexpected UAC prompts and severe lag and stuttering issues with NDI streaming software. […] Lawrence Abrams Go to bleepingcomputer

Plex tells users to reset passwords after new data breach Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases. […] Lawrence Abrams Go to bleepingcomputer

Surge in networks scans targeting Cisco ASA devices raise concerns Large network scans have been  targeting Cisco ASA devices, prompting warnings from cybersecurity researchers that it could indicate an upcoming flaw in the products. […] Bill Toulas Go to bleepingcomputer

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack A new supply chain attack on GitHub, dubbed ‘GhostAction,’ has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. […] Bill Toulas Go to bleepingcomputer

Signal adds secure cloud backups to save and restore chats Signal has introduced a new opt-in feature that helps users create end-to-end encrypted backups of their chats, allowing them to restore messages even if their phones are damaged or lost. […] Sergiu Gatlan Go to bleepingcomputer

Lovesac confirms data breach after ransomware attack claims American furniture brand Lovesac is warning that it suffered a data breach impacting an undisclosed number of individuals, stating their personal data was exposed in a cybersecurity incident. […] Bill Toulas Go to bleepingcomputer

iCloud Calendar abused to send phishing emails from Apple’s servers iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple’s email servers, making them more likely to bypass spam filters to land in targets’ inboxes. […] Lawrence Abrams Go to bleepingcomputer

VirusTotal finds hidden malware phishing campaign in SVG files VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia’s judicial system that deliver malware. […] Lawrence Abrams Go to bleepingcomputer

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack Investigations into the Nx “s1ngularity” NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. […] Bill Toulas Go to bleepingcomputer

Financial services firm Wealthsimple discloses data breach Wealthsimple, a leading Canadian online investment management service, has disclosed a data breach after attackers stole the personal data of an undisclosed number of customers in a recent incident. […] Sergiu Gatlan Go to bleepingcomputer

Max severity Argo CD API flaw leaks repository credentials An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve all repository credentials associated with the project. […] Bill Toulas Go to bleepingcomputer

Hackers exploited Sitecore zero-day flaw to deploy backdoors Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. […] Bill Toulas Go to bleepingcomputer

Chess.com discloses recent data breach via file transfer app Chess.com has disclosed a data breach after threat actors gained unauthorized access to a third-party file transfer application used by the platform. […] Bill Toulas Go to bleepingcomputer

New TP-Link zero-day surfaces as CISA warns other flaws are exploited TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in attacks. […] Bill Toulas Go to bleepingcomputer

France slaps Google with €325M fine for violating cookie regulations The French data protection authority has fined Google €325 million ($378 million) for violating cookie regulations and displaying ads between Gmail users’ emails without their consent. […] Sergiu Gatlan Go to bleepingcomputer

US offers $10 million bounty for info on Russian FSB hackers The U.S. Department of State is offering a reward of up to $10 million for information on three Russian Federal Security Service (FSB) officers involved in cyberattacks targeting U.S. critical infrastructure organizations on behalf of the Russian government. […] Sergiu Gatlan Go to bleepingcomputer

US sues robot toy maker for exposing children’s data to Chinese devs The U.S. Department of Justice has sued toy maker Apitor Technology for allegedly allowing a Chinese third party to collect children’s geolocation data without their knowledge and parental consent. […] Sergiu Gatlan Go to bleepingcomputer

Police disrupts Streameast, largest pirated sports streaming network The Alliance for Creativity and Entertainment (ACE) and Egyptian authorities have shut down Streameast, the world’s largest illegal live sports streaming network, and arrested two people allegedly associated with the operation. […] Bill Toulas Go to bleepingcomputer

Hackers breach fintech firm in attempted $130M bank heist Hackers tried to steal $130 million from Evertec’s Brazilian subsidiary Sinqia S.A.after gaining unauthorized access to its environment on the central bank’s real-time payment system (Pix). […] Bill Toulas Go to bleepingcomputer

Cloudflare hit by data breach in Salesloft Drift supply chain attack Cloudflare is the latest company impacted in a recent string of Salesloft Drift breaches, part of a supply-chain attack disclosed last week. […] Sergiu Gatlan Go to bleepingcomputer

Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps Internet infrastructure company Cloudflare said it recently blocked the largest recorded volumetric distributed denial-of-service (DDoS) attack, which peaked at 11.5 terabits per second (Tbps). […] Sergiu Gatlan Go to bleepingcomputer

Jaguar Land Rover says cyberattack ‘severely disrupted’ production Jaguar Land Rover (JLR) announced that a cyberattack forced the company to shut down certain systems as part of the mitigation effort. […] Bill Toulas Go to bleepingcomputer

Zscaler data breach exposes customer info after Salesloft Drift compromise Cybersecurity company Zscaler warns it suffered a data breach after threat actors gained access to its Salesforce instance and stole customer information, including the contents of support cases. […] Lawrence Abrams Go to bleepingcomputer

Amazon disrupts Russian APT29 hackers targeting Microsoft 365 Researchers have disrupted an operation attributed to Russian state-sponsored threat group Midnight Blizzard, who sought access to Microsoft 365 accounts and data. […] Bill Toulas Go to bleepingcomputer

Brokewell Android malware delivered through fake TradingView ads Cybercriminals are abusing Meta’s advertising platforms with fake offers of a free TradingView Premium app that spreads the Brokewell malware for Android. […] Ionut Ilascu Go to bleepingcomputer

TamperedChef infostealer delivered through fraudulent PDF Editor Threat actors have been using multiple websites promoted through Google ads to distribute a convincing PDF editing app that delivers an info-stealing malware called TamperedChef. […] Ionut Ilascu Go to bleepingcomputer

WhatsApp patches vulnerability exploited in zero-day attacks WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. […] Sergiu Gatlan Go to bleepingcomputer

Google warns Salesloft breach impacted some Workspace accounts Google reports that the Salesloft Drift breach is larger than initially thought, warning that attackers also used stolen OAuth tokens to access Google Workspace email accounts in addition to Salesforce data. […] Lawrence Abrams Go to bleepingcomputer

Storm-0501 hackers shift to ransomware attacks in the cloud Microsoft warns that a threat actor tracked as Storm-0501 has evolved its operations, shifting away from encrypting devices with ransomware to focusing on cloud-based encryption, data theft, and extortion. […] Lawrence Abrams Go to bleepingcomputer

Experimental PromptLock ransomware uses AI to encrypt, steal data Threat researchers discovered the first AI-powered ransomware, called PromptLock, that uses Lua scripts to steal and encrypt data on Windows, macOS, and Linux systems. […] Bill Toulas Go to bleepingcomputer

FreePBX servers hacked via zero-day, emergency fix released The Sangoma FreePBX Security Team is warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with the Administrator Control Panel (ACP) is exposed to the internet. […] Lawrence Abrams Go to bleepingcomputer

IT system supplier cyberattack impacts 200 municipalities in Sweden A cyberattack on Miljödata, an IT systems supplier for roughly 80% of Sweden’s municipal systems, has caused accessibility problems in more than 200 regions of the country. […] Bill Toulas Go to bleepingcomputer

Global Salt Typhoon hacking campaigns linked to Chinese tech firms The U.S. National Security Agency (NSA), the UK’s National Cyber Security Centre (NCSC), and partners from over a dozen countries have linked the Salt Typhoon global hacking campaigns to three China-based technology firms. […] Lawrence Abrams Go to bleepingcomputer

Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability. […] Lawrence Abrams Go to bleepingcomputer

Silk Typhoon hackers hijack network captive portals in diplomat attacks State-sponsored hackers linked to the Mustang Panda activity cluster targeted diplomats by hijacking web traffic to redirect to a malware serving website. […] Bill Toulas Go to bleepingcomputer

Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. The ShinyHunters extortion group claims responsibility for these additional Salesforce attacks. […] Lawrence Abrams Go to bleepingcomputer

Nevada closes state offices as cyberattack disrupts IT systems Nevada remains two days into a cyberattack that began early Sunday, disrupting government websites, phone systems, and online platforms, and forcing all state offices to close on Monday. […] Lawrence Abrams Go to bleepingcomputer

Surge in coordinated scans targets Microsoft RDP auth servers Internet intelligence firm GreyNoise reports that it has recorded a significant spike in scanning activity consisting of nearly 1,971 IP addresses probing Microsoft Remote Desktop Web Access and RDP Web Client authentication portals in unison, suggesting a coordinated reconnaissance campaign. […] Lawrence Abrams Go to bleepingcomputer

Farmers Insurance data breach impacts 1.1M people after Salesforce attack U.S. insurance giant Farmers Insurance has disclosed a data breach impacting 1.1 million customers, with BleepingComputer learning that the data was stolen in the widespread Salesforce attacks. […] Lawrence Abrams Go to bleepingcomputer

Auchan retailer data breach impacts hundreds of thousands of customers French retailer Auchan is informing that some sensitive data associated with loyalty accounts of several hundred thousand of its customers was exposed in a cyberattack. […] Bill Toulas Go to bleepingcomputer

Murky Panda hackers exploit cloud trust to hack downstream customers A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain initial access to the networks and data of downstream customers. […] Lawrence Abrams Go to bleepingcomputer

APT36 hackers abuse Linux .desktop files to install malware in new attacks The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India. […] Bill Toulas Go to bleepingcomputer

Massive anti-cybercrime operation leads to over 1,200 arrests in Africa Law enforcement authorities in Africa have arrested over 1,200 suspects as part of ‘Operation Serengeti 2.0,’ an INTERPOL-led international crackdown targeting cross-border cybercriminal gangs. […] Sergiu Gatlan Go to bleepingcomputer

Colt confirms customer data stolen as Warlock ransomware auctions files UK-based telecommunications company Colt Technology Services confirms that customer documentation was stolen as Warlock ransomware gang auctions files. […] Lawrence Abrams Go to bleepingcomputer

Europol confirms $50,000 Qilin ransomware reward is fake Europol has confirmed that a Telegram channel impersonating the agency and offering a $50,000 reward for information on two Qilin ransomware administrators is fake. The impostor later admitted it was created to troll researchers and journalists. […] Lawrence Abrams Go to bleepingcomputer

Scattered Spider hacker gets sentenced to 10 years in prison Noah Michael Urban, a key member of the Scattered Spider cybercrime collective, was sentenced to 10 years in prison on Wednesday after pleading guilty to charges of wire fraud and conspiracy in April. […] Sergiu Gatlan Go to bleepingcomputer

Orange Belgium discloses data breach impacting 850,000 customers Orange Belgium, a subsidiary of telecommunications giant Orange Group, disclosed on Wednesday that attackers who breached its systems in July have stolen the data of approximately 850,000 customers. […] Sergiu Gatlan Go to bleepingcomputer