Category: bleepingcomputer

Hackers behind UK retail attacks now targeting US companies Google warned today that hackers using Scattered Spider tactics against retail chains in the United Kingdom have also started targeting retailers in the United States. […] Sergiu Gatlan Go to bleepingcomputer

Ransomware gangs join ongoing SAP NetWeaver attacks Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers. […] Sergiu Gatlan Go to bleepingcomputer

Australian Human Rights Commission leaks docs to search engines The Australian Human Rights Commission (AHRC) disclosed a data breach incident where private documents leaked online and were indexed by major search engines. […] Bill Toulas Go to bleepingcomputer

SAP patches second zero-day flaw exploited in recent attacks SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day. […] Sergiu Gatlan Go to bleepingcomputer

North Korea ramps up cyberspying in Ukraine to assess war risk The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. […] Bill Toulas Go to bleepingcomputer

Twilio denies breach following leak of alleged Steam 2FA codes Twilio has denied in a statement for BleepingComputer that it was breached after a threat actor claimed to be holding over 89 million Steam user records with one-time access codes. […] Bill Toulas Go to bleepingcomputer

Ivanti fixes EPMM zero-days chained in code execution attacks Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution. […] Sergiu Gatlan Go to bleepingcomputer

ASUS DriverHub flaw let malicious sites run commands with admin rights The ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed. […] Bill Toulas Go to bleepingcomputer

Output Messenger flaw exploited as zero-day in espionage attacks A Türkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq. […] Sergiu Gatlan Go to bleepingcomputer

Moldova arrests suspect linked to DoppelPaymer ransomware attacks Moldovan authorities have detained a 45-year-old suspect linked to DoppelPaymer ransomware attacks targeting Dutch organizations in 2021. […] Sergiu Gatlan Go to bleepingcomputer

Bluetooth 6.1 enhances privacy with randomized RPA timing The Bluetooth Special Interest Group (SIG) has announced Bluetooth Core Specification 6.1, bringing important improvements to the popular wireless communication protocol. […] Bill Toulas Go to bleepingcomputer

iClicker site hack targeted students with malware via fake CAPTCHA The website of iClicker, a popular student engagement platform, was compromised in a ClickFix attack that used a fake CAPTCHA prompt to trick students and instructors into installing malware on their devices. […] Lawrence Abrams Go to bleepingcomputer

Police dismantles botnet selling hacked routers as residential proxies Law enforcement authorities have dismantled a botnet that infected thousands of routers over the last 20 years to build two networks of residential proxies known as Anyproxy and 5socks. […] Sergiu Gatlan Go to bleepingcomputer

Chinese hackers behind attacks targeting SAP NetWeaver servers Forescout Vedere Labs security researchers have linked ongoing attacks targeting a maximum severity vulnerability impacting SAP NetWeaver instances to a Chinese threat actor. […] Sergiu Gatlan Go to bleepingcomputer

Cisco fixes max severity IOS XE flaw letting attackers hijack devices Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers by a hard-coded JSON Web Token (JWT) that allows an unauthenticated remote attacker to take over devices. […] Bill Toulas Go to bleepingcomputer

Supply chain attack hits npm package with 45,000 weekly downloads An npm package named ‘rand-user-agent’ has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user’s system. […] Bill Toulas Go to bleepingcomputer

Malicious PyPi package hides RAT malware, targets Discord devs since 2022 A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. […] Sergiu Gatlan Go to bleepingcomputer

LockBit ransomware gang hacked, victim negotiations exposed The LockBit ransomware gang has suffered a data breach after its dark web affiliate panels were defaced and replaced with a message linking to a MySQL database dump. […] Lawrence Abrams Go to bleepingcomputer

PowerSchool hacker now extorting individual school districts PowerSchool is warning that the hacker behind its December cyberattack is now individually extorting schools, threatening to release the previously stolen student and teacher data if a ransom is not paid. […] Lawrence Abrams Go to bleepingcomputer

CoGUI phishing platform sent 580 million emails to steal credentials A new phishing kit named ‘CoGUI’ sent over 580 million emails to targets between January and April 2025, aiming to steal account credentials and payment data. […] Bill Toulas Go to bleepingcomputer

Hackers exploit OttoKit WordPress plugin flaw to add admin accounts Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. […] Bill Toulas Go to bleepingcomputer

Apache Parquet exploit tool detect servers vulnerable to critical flaw A proof-of-concept exploit tool has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. […] Bill Toulas Go to bleepingcomputer

Samsung MagicINFO 9 Server RCE flaw now exploited in attacks Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware. […] Bill Toulas Go to bleepingcomputer

UK Legal Aid Agency investigates cybersecurity incident The Legal Aid Agency (LAA), an executive agency of the UK’s Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have accessed financial information. […] Sergiu Gatlan Go to bleepingcomputer

Critical Langflow RCE flaw exploited to hack AI app servers The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible. […] Bill Toulas Go to bleepingcomputer

Linux wiper malware hidden in malicious Go modules on GitHub A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub. […] Ionut Ilascu Go to bleepingcomputer

Luna Moth extortion hackers pose as IT help desks to breach US firms The data-theft extortion group known as Luna Moth, aka Silent Ransom Group, has ramped up callback phishing campaigns in attacks on legal and financial institutions in the United States. […] Bill Toulas Go to bleepingcomputer

New “Bring Your Own Installer” EDR bypass used in ransomware attack A new “Bring Your Own Installer” EDR bypass technique is exploited in attacks to bypass SentinelOne’s tamper protection feature, allowing threat actors to disable endpoint detection and response (EDR) agents to install the Babuk ransomware. […] Lawrence Abrams Go to bleepingcomputer

StealC malware enhanced with stealth upgrades and data theft tools The creators of StealC, a widely-used information stealer and malware downloader, have released its second major version, bringing multiple stealth and data theft enhancements. […] Bill Toulas Go to bleepingcomputer

Co-op confirms data theft after DragonForce ransomware claims attack The Co-op cyberattack is far worse than initially reported, with the company now confirming that data was stolen for a significant number of current and past customers. […] Lawrence Abrams Go to bleepingcomputer

Magento supply chain attack compromises hundreds of e-stores A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational. […] Bill Toulas Go to bleepingcomputer

UK NCSC: Cyberattacks impacting UK retailers are a wake-up call The United Kingdom’s National Cyber Security Centre warned that ongoing cyberattacks impacting multiple UK retail chains should be taken as a “wake-up call.” […] Sergiu Gatlan Go to bleepingcomputer

TikTok fined €530 million for sending European user data to China The Irish Data Protection Commission (DPC) has fined TikTok €530 million (over $601 million) for illegally transferring the personal data of users in the European Economic Area (EEA) to China, violating the European Union’s GDPR data protection regulations. […] Sergiu Gatlan Go to bleepingcomputer

Hacker ‘NullBulge’ pleads guilty to stealing Disney’s Slack data A California man who used the alias “NullBulge” has pleaded guilty to illegally accessing Disney’s internal Slack channels and stealing over 1.1 terabytes of internal company data. […] Lawrence Abrams Go to bleepingcomputer

Ukrainian extradited to US for Nefilim ransomware attacks A Ukrainian national has been extradited from Spain to the United States to face charges over allegedly conducting Nefilim ransomware attacks against companies. […] Lawrence Abrams Go to bleepingcomputer

Harrods the next UK retailer targeted in a cyberattack London’s iconic department store, Harrods, has confirmed it was targeted in a cyberattack, becoming the third major UK retailer to report cyberattacks in a week following incidents at M&S and the Co-op. […] Lawrence Abrams Go to bleepingcomputer

Hackers abuse IPv6 networking feature to hijack software updates A China-aligned APT threat actor named “TheWizards” abuses an IPv6 networking feature to launch adversary-in-the-middle (AitM) attacks that hijack software updates to install Windows malware. […] Lawrence Abrams Go to bleepingcomputer

WordPress plugin disguised as a security tool injects backdoor A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. […] Bill Toulas Go to bleepingcomputer

SonicWall: SMA100 VPN vulnerabilities now exploited in attacks Cybersecurity company SonicWall has warned customers that several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks. […] Sergiu Gatlan Go to bleepingcomputer

Commvault says recent breach didn’t impact customer backup data Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment didn’t gain access to customer backup data. […] Sergiu Gatlan Go to bleepingcomputer

Hackers ramp up scans for leaked Git tokens and secrets Threat actors are intensifying internet-wide scanning for Git configuration files that can reveal sensitive secrets and authentication tokens used to compromise cloud services and source code repositories. […] Bill Toulas Go to bleepingcomputer

France ties Russian APT28 hackers to 12 cyberattacks on French orgs Today, the French foreign ministry blamed the APT28 hacking group linked to Russia’s military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years. […] Sergiu Gatlan Go to bleepingcomputer

Marks & Spencer breach linked to Scattered Spider ransomware attack Ongoing outages at British retail giant Marks & Spencer are caused by a ransomware attack believed to be conducted by a hacking collective known as “Scattered Spider” BleepingComputer has learned from multiple sources. […] Lawrence Abrams Go to bleepingcomputer

Hitachi Vantara takes servers offline after Akira ransomware attack Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, was forced to take servers offline over the weekend to contain an Akira ransomware attack. […] Sergiu Gatlan Go to bleepingcomputer

VeriSource now says February data breach impacts 4 million people Employee benefits administration firm VeriSource Services is warning that a data breach exposed the personal information of four million people.  […] Bill Toulas Go to bleepingcomputer

Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers. […] Bill Toulas Go to bleepingcomputer

DragonForce expands ransomware model with white-label branding scheme The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure. […] Ionut Ilascu Go to bleepingcomputer

WooCommerce admins targeted by fake security patches that hijack sites A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a “critical patch” that adds a WordPress backdoor to the site. […] Bill Toulas Go to bleepingcomputer

Craft CMS RCE exploit chain used in zero-day attacks to steal data Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. […] Lawrence Abrams Go to bleepingcomputer

Marks & Spencer pauses online orders after cyberattack British retailer giant Marks & Spencer (M&S) has suspended online orders while working to recover from a recently disclosed cyberattack. […] Sergiu Gatlan Go to bleepingcomputer

Mobile provider MTN says cyberattack compromised customer data African mobile giant MTN Group announced that a cybersecurity incident has compromised the personal information of some of its subscribers in certain countries. […] Bill Toulas Go to bleepingcomputer

FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide. […] Sergiu Gatlan Go to bleepingcomputer

Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. […] Bill Toulas Go to bleepingcomputer

Lazarus hackers breach six companies in watering hole attacks In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. […] Bill Toulas Go to bleepingcomputer

WhatsApp’s new Advanced Chat Privacy protects sensitive messages WhatsApp has introduced a new Advanced Chat Privacy feature to protect sensitive information exchanged in private chats and group conversations. […] Sergiu Gatlan Go to bleepingcomputer

FBI: US lost record $16.6 billion to cybercrime in 2024 The FBI says cybercriminals have stolen a record $16,6 billion in 2024, marking an increase in losses of over 33% compared to the previous year. […] Sergiu Gatlan Go to bleepingcomputer

Marks & Spencer confirms a cyberattack as customers face delayed orders Marks & Spencer (M&S) has disclosed that it is responding to a cyberattack over the past few days that has impacted operations, including its Click and Collect service. […] Lawrence Abrams Go to bleepingcomputer

Active! Mail RCE flaw exploited in attacks on Japanese orgs An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan. […] Bill Toulas Go to bleepingcomputer