Category: bleepingcomputer

New Eleven11bot botnet infects 86,000 devices for DDoS attacks A new botnet malware named ‘Eleven11bot’ has infected over 86,000 IoT devices, primarily security cameras and network video recorders (NVRs), to conduct DDoS attacks. […] Bill Toulas Go to bleepingcomputer

Cisco warns of Webex for BroadWorks flaw exposing credentials Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. […] Sergiu Gatlan Go to bleepingcomputer

Rubrik rotates authentication keys after log server breach Rubrik disclosed last month that one of its servers hosting log files was breached, causing the company to rotate potentially leaked authentication keys. […] Lawrence Abrams Go to bleepingcomputer

New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint A newly uncovered ClickFix phishing campaign is tricking victims into executing malicious PowerShell commands that deploy the Havok post-exploitation framework for remote access to compromised devices. […] Lawrence Abrams Go to bleepingcomputer

Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks Microsoft had discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows. […] Bill Toulas Go to bleepingcomputer

Qilin ransomware claims attack at Lee Enterprises, leaks stolen data The Qilin ransomware gang has claimed responsibility for the attack at Lee Enterprises that disrupted operations on February 3, leaking samples of data they claim was stolen from the company. […] Bill Toulas Go to bleepingcomputer

Police arrests suspects tied to AI-generated CSAM distribution ring Law enforcement agencies from 19 countries have arrested 25 suspects linked to a criminal ring that was distributing child sexual abuse material (CSAM) generated using artificial intelligence (AI). […] Sergiu Gatlan Go to bleepingcomputer

Over 49,000 misconfigured building access systems exposed online Researchers discovered 49,000 misconfigured and exposed Access Management Systems (AMS) across multiple industries and countries, which could compromise privacy and physical security in critical sectors. […] Bill Toulas Go to bleepingcomputer

Belgium probes if Chinese hackers breached its intelligence service ​The Belgian federal prosecutor’s office is investigating whether Chinese hackers were behind a breach of the country’s State Security Service (VSSE). […] Sergiu Gatlan Go to bleepingcomputer

Southern Water says Black Basta ransomware attack cost £4.5M in expenses United Kingdom water supplier Southern Water has disclosed that it incurred costs of £4.5 million ($5.7M) due to a cyberattack it suffered in February 2024. […] Bill Toulas Go to bleepingcomputer

GrassCall malware campaign drains crypto wallets via fake job interviews A recent social engineering campaign targeted job seekers in the Web3 space with fake job interviews through a malicious “GrassCall” meeting app that installs information-stealing malware to steal cryptocurrency wallets. […] Lawrence Abrams Go to bleepingcomputer

VSCode extensions with 9 million installs pulled over security risks Microsoft has removed two popular VSCode extensions, ‘Material Theme – Free’ and  ‘Material Theme Icons – Free,’ from the Visual Studio Marketplace for allegedly containing malicious code. […] Bill Toulas Go to bleepingcomputer

PyPi package with 100K installs pirated music from Deezer for years A malicious PyPi package named ‘automslc’  has been downloaded over 100,000 times from the Python Package Index since 2019, abusing hard-coded credentials to pirate music from the Deezer streaming service. […] Bill Toulas Go to bleepingcomputer

Have I Been Pwned adds 284M accounts stolen by infostealer malware ​The Have I Been Pwned data breach notification service has added over 284 million accounts stolen by information stealer malware and found on a Telegram channel. […] Sergiu Gatlan Go to bleepingcomputer

OpenAI bans ChatGPT accounts used by North Korean hackers OpenAI says it blocked several North Korean hacking groups from using its ChatGPT platform to research future targets and find ways to hack into their networks. […] Sergiu Gatlan Go to bleepingcomputer

Russia warns financial sector of major IT service provider hack Russia’s National Coordination Center for Computer Incidents (NKTsKI) is warning organizations in the country’s credit and financial sector about a breach at LANIT, a major Russian IT service and software provider. […] Bill Toulas Go to bleepingcomputer

Botnet targets Basic Auth in Microsoft 365 password spray attacks A massive botnet of over 130,000 compromised devices is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide, attempting to confirm credentials. […] Bill Toulas Go to bleepingcomputer

Beware: PayPal “New Address” feature abused to send phishing emails An ongoing PayPal email scam exploits the platform’s address settings to send fake purchase notifications, tricking users into granting remote access to scammers […] Lawrence Abrams Go to bleepingcomputer

CISA flags Craft CMS code injection flaw as exploited in attacks The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. […] Bill Toulas Go to bleepingcomputer

Black Basta ransomware gang’s internal chat logs leak online An unknown leaker has released what they claim to be an archive of internal Matrix chat logs belonging to the Black Basta ransomware operation. […] Sergiu Gatlan Go to bleepingcomputer

Chinese hackers use custom malware to spy on US telecom networks The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers. […] Bill Toulas Go to bleepingcomputer

Integrating LLMs into security operations using Wazuh Large Language Models (LLMs) can provide many benefits to security professionals by helping them analyze logs, detect phishing attacks, or offering threat intelligence. Learn from Wazuh how to incorporate an LLM, like ChatGPT, into its open source security platform. […] Sponsored by Wazuh Go to bleepingcomputer

New NailaoLocker ransomware used against EU healthcare orgs A previously undocumented ransomware payload named NailaoLocker has been spotted in attacks targeting European healthcare organizations between June and October 2024. […] Bill Toulas Go to bleepingcomputer

CISA and FBI: Ghost ransomware breached orgs in 70 countries CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations. […] Sergiu Gatlan Go to bleepingcomputer

Phishing attack hides JavaScript using invisible Unicode trick A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political action committee (PAC). […] Bill Toulas Go to bleepingcomputer

Venture capital giant Insight Partners hit by cyberattack New York-based venture capital and private equity firm Insight Partners has disclosed that its systems were breached in January following a social engineering attack. […] Sergiu Gatlan Go to bleepingcomputer

Chinese hackers abuse Microsoft APP-v tool to evade antivirus The Chinese APT hacking group “Mustang Panda” has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software. […] Bill Toulas Go to bleepingcomputer

Chase will soon block Zelle payments to sellers on social media JPMorgan Chase Bank (Chase) will soon start blocking Zelle payments to social media contacts to combat a significant rise in online scams utilizing the service for fraud. […] Sergiu Gatlan Go to bleepingcomputer

New FinalDraft malware abuses Outlook mail service for stealthy comms A new malware called FinalDraft has been using Outlook email drafts for command-and-control communication in attacks against a ministry in a South American country. […] Bill Toulas Go to bleepingcomputer

Microsoft: Hackers steal emails in device code phishing attacks An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. […] Bill Toulas Go to bleepingcomputer

Hackers exploit authentication bypass in Palo Alto Networks PAN-OS Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication. […] Bill Toulas Go to bleepingcomputer

SonicWall firewall bug leveraged in attacks after PoC exploit release Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code. […] Sergiu Gatlan Go to bleepingcomputer

PostgreSQL flaw exploited as zero-day in BeyondTrust breach ​Rapid7’s vulnerability research team says attackers exploited a PostgreSQL security flaw as a zero-day to breach the network of privileged access management company BeyondTrust in December. […] Sergiu Gatlan Go to bleepingcomputer

Chinese hackers breach more US telecoms via unpatched Cisco routers China’s Salt Typhoon hackers are still actively targeting telecoms worldwide and have breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices. […] Sergiu Gatlan Go to bleepingcomputer

Hacker leaks account data of 12 million Zacks Investment users Zacks Investment Research (Zacks) last year reportedly suffered another data breach that exposed sensitive information related to roughly 12 million accounts. […] Bill Toulas Go to bleepingcomputer

Chinese espionage tools deployed in RA World ransomware attack A China-based threat actor, tracked as Emperor Dragonfly and commonly associated with cybercriminal endeavors, has been observed using in a ransomware attack a toolset previously attributed to espionage actors. […] Bill Toulas Go to bleepingcomputer

Surge in attacks exploiting old ThinkPHP and ownCloud flaws Increased hacker activity has been observed in attempts to compromise poorly maintained devices that are vulnerable to older security issues from 2022 and 2023. […] Bill Toulas Go to bleepingcomputer

Sarcoma ransomware claims breach at giant PCB maker Unimicron A relatively new ransomware operation named ‘Sarcoma’ has claimed responsibility for an attack against the Unimicron printed circuit boards (PCB) maker in Taiwan. […] Bill Toulas Go to bleepingcomputer

DPRK hackers dupe targets into typing PowerShell commands as admin North Korean state actor ‘Kimsuky’ (aka ‘Emerald Sleet’ or ‘Velvet Chollima’) has been observed using a new tactic inspired from the now widespread ClickFix campaigns. […] Bill Toulas Go to bleepingcomputer

Ivanti fixes three critical flaws in Connect Secure & Policy Secure Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems. […] Bill Toulas Go to bleepingcomputer

Fortinet discloses second firewall auth bypass patched in January Fortinet has disclosed a second authentication bypass vulnerability that was fixed as part of a January 2025 update for FortiOS and FortiProxy devices. […] Sergiu Gatlan Go to bleepingcomputer

Over 12,000 KerioControl firewalls exposed to exploited RCE flaw Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875. […] Bill Toulas Go to bleepingcomputer

A Cybersecurity Leader’s Guide to SecVal in 2025 Are your defenses truly battle-tested? Security validation ensures you’re not just hoping your security works—it proves it. Learn more from Pentera on how to validate against ransomware, credential threats, and unpatched vulnerabilities in the GOAT Guide. […] Sponsored by Pentera Go to bleepingcomputer

Massive brute force attack uses 2.8 million IPs to target VPN devices A large-scale brute force password attack using almost 2.8 million IP addresses is underway, attempting to guess the credentials for a wide range of networking devices, including those from Palo Alto Networks, Ivanti, and SonicWall. […] Bill Toulas Go to bleepingcomputer

HPE notifies employees of data breach after Russian Office 365 hack Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company’s Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack. […] Sergiu Gatlan Go to bleepingcomputer

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. […] Bill Toulas Go to bleepingcomputer

US health system notifies 882,000 patients of August 2023 breach Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information. […] Sergiu Gatlan Go to bleepingcomputer

Cloudflare outage caused by botched blocking of phishing URL An attempt to block a phishing URL in Cloudflare’s R2 object storage platform backfired yesterday, triggering a widespread outage that brought down multiple services for nearly an hour. […] Bill Toulas Go to bleepingcomputer

Kimsuky hackers use new custom RDP Wrapper for remote access The North Korean hacking group known as Kimsuky was observed in recent attacks using a custom-built RDP Wrapper and proxy tools to directly access infected machines. […] Bill Toulas Go to bleepingcomputer