Category: bleepingcomputer

UK sanctions Xinbi marketplace linked to Asian scam centers The United Kingdom’s Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language cryptocurrency-based online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia. […] Sergiu Gatlan Go to bleepingcomputer

PolyShell attacks target 56% of all vulnerable Magento stores Attacks leveraging the ‘PolyShell’ vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are underway, targeting more than half of all vulnerable stores. […] Bill Toulas Go to bleepingcomputer

Citrix urges admins to patch NetScaler flaws as soon as possible Citrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years. […] Sergiu Gatlan Go to bleepingcomputer

Manager of botnet used in ransomware attacks gets 2 years in prison A Russian national has been sentenced to two years in prison after admitting that the phishing botnet he managed was used to launch BitPaymer ransomware attacks against 72 U.S. companies. […] Sergiu Gatlan Go to bleepingcomputer

PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug PTC Inc. is warning of a critical vulnerability in Windchill and FlexPLM, widely used product lifecycle management (PLM) solutions, that could allow remote code execution. […] Bill Toulas Go to bleepingcomputer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular “LiteLLM” Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. […] Lawrence Abrams Go to bleepingcomputer

Firefox now has a free built-in VPN with 50GB monthly data limit Mozilla released Firefox 149 with added privacy protection through a built-in VPN tool offering up to 50GB of monthly traffic. […] Bill Toulas Go to bleepingcomputer

Mazda discloses security breach exposing employee and partner data Mazda Motor Corporation (Mazda) announced that information belonging to its employees and business partners had been exposed in a security incident detected last December. […] Bill Toulas Go to bleepingcomputer

Tycoon2FA phishing platform returns after recent police disruption The Tycoon2FA phishing-as-a-service (PhaaS) platform that Europol and partners disrupted on March 4 has already returned to previously observed activity levels. […] Bill Toulas Go to bleepingcomputer

Crunchyroll probes breach after hacker claims to steal 6.8M users’ data Popular anime streaming platform Crunchyroll is investigating a breach after hackers claimed to have stolen personal information for approximately 6.8 million people. […] Lawrence Abrams Go to bleepingcomputer

FBI warns of Handala hackers using Telegram in malware attacks The U.S. Federal Bureau of Investigation (FBI) warned network defenders that Iranian hackers linked to the country’s Ministry of Intelligence and Security (MOIS) are using Telegram in malware attacks. […] Sergiu Gatlan Go to bleepingcomputer

VoidStealer malware steals Chrome master key via debugger trick An information stealer called VoidStealer uses a new approach to bypass Chrome’s Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser. […] Bill Toulas Go to bleepingcomputer

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions. […] Lawrence Abrams Go to bleepingcomputer

Microsoft Azure Monitor alerts abused for callback phishing attacks Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized charges on your account. […] Lawrence Abrams Go to bleepingcomputer

FBI links Signal phishing attacks to Russian intelligence services The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts. […] Lawrence Abrams Go to bleepingcomputer

Oracle pushes emergency fix for critical Identity Manager RCE flaw Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992. […] Lawrence Abrams Go to bleepingcomputer

Police take down 373,000 fake CSAM sites in Operation Alice An international law enforcement action called Operation Alice has shut down over 373,000 dark web sites that offered fake CSAM packages. […] Bill Toulas Go to bleepingcomputer

CISA orders feds to patch max-severity Cisco flaw by Sunday The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22. […] Bill Toulas Go to bleepingcomputer

How CISOs Can Survive the Era of Geopolitical Cyberattacks Geopolitical tensions are driving destructive cyberattacks designed to disrupt operations, not demand ransom. CISOs must limit lateral movement and contain breaches to reduce the impact of wiper campaigns. […] Sponsored by Zero Networks Go to bleepingcomputer

Musician admits to $10M streaming royalty fraud using AI bots North Carolina musician Michael Smith has pleaded guilty to collecting over $10 million in royalty payments through a massive streaming royalty fraud scheme on Spotify, Apple Music, Amazon Music, and YouTube Music. […] Sergiu Gatlan Go to bleepingcomputer

International joint action disrupts world’s largest DDoS botnets Authorities from the United States, Germany, and Canada have taken down Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad botnets to infect Internet of Things (IoT) devices. […] Sergiu Gatlan Go to bleepingcomputer

Ex-data analyst stole company data in $2.5M extortion scheme A North Carolina man was found guilty of extorting a D.C.-based technology company while still being employed as a data analyst contractor. […] Sergiu Gatlan Go to bleepingcomputer

Navia discloses data breach impacting 2.7 million people Navia Benefit Solutions, Inc. (Navia) is informing nearly 2.7 million individuals of a data breach that exposed their sensitive information to attackers. […] Bill Toulas Go to bleepingcomputer

Aura confirms data breach exposing 900,000 marketing contacts Identity protection company Aura has confirmed that an unauthorized party gained access to nearly 900,000 customer records containing names and email addresses. […] Bill Toulas Go to bleepingcomputer

CISA orders feds to patch Zimbra XSS flaw exploited in attacks CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS). […] Sergiu Gatlan Go to bleepingcomputer

ConnectWise patches new flaw allowing ScreenConnect hijacking ConnectWise is warning ScreenConnect customers of a cryptographic signature verification vulnerability that could lead to unauthorized access and privilege escalation. […] Bill Toulas Go to bleepingcomputer

Ransomware gang exploits Cisco flaw in zero-day attacks since January The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco’s Secure Firewall Management Center (FMC) software in zero-day attacks since late January. […] Sergiu Gatlan Go to bleepingcomputer

Marquis: Ransomware gang stole data of 672K people in cyberattack Marquis, a Texas-based financial services provider, revealed this week that a ransomware gang stole the data of over 670,000 individuals in an August 2025 cyberattack that also disrupted operations at 74 banks across the United States. […] Sergiu Gatlan Go to bleepingcomputer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. […] Bill Toulas Go to bleepingcomputer

Top 5 Things CISOs Need to Do Today to Secure AI Agents AI agents are autonomous actors with real access to data and systems, not just copilots. Token Security explains why identity-based access control is critical to prevent misuse and data exposure. […] Sponsored by Token Security Go to bleepingcomputer

Stryker attack wiped tens of thousands of devices, no malware needed Last week’s cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices. […] Ionut Ilascu Go to bleepingcomputer

CISA flags Wing FTP Server flaw as actively exploited in attacks CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks. […] Sergiu Gatlan Go to bleepingcomputer

UK’s Companies House confirms security flaw exposed business data Companies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on Friday to fix a security flaw that exposed companies’ information since October 2025. […] Sergiu Gatlan Go to bleepingcomputer

Shadow AI is everywhere. Here’s how to find and secure it. Shadow AI is quietly spreading across SaaS environments as employees adopt new AI tools without IT oversight. Nudge Security explains how security teams can discover AI apps, monitor usage, and govern risky AI activity. […] Sponsored by Nudge Security Go to bleepingcomputer

Poland’s nuclear research centre targeted by cyberattack Poland’s National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact. […] Bill Toulas Go to bleepingcomputer

From VMware to what’s next: Protecting data during hypervisor migration Hypervisor migrations can introduce hidden risks that threaten data availability and recovery. Acronis explains why verified backups and cross-platform recovery are essential during VMware transitions. […] Sponsored by Acronis Go to bleepingcomputer

Starbucks discloses data breach affecting hundreds of employees Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts. […] Sergiu Gatlan Go to bleepingcomputer

Canadian retail giant Loblaw notifies customers of data breach Still, out of an abundance of caution, Loblaw says it has automatically logged out all customers from their accounts. Account holders who need to access the company’s digital services will have to log in again. […] Bill Toulas Go to bleepingcomputer

England Hockey investigating ransomware data breach England Hockey, the governing body for field hockey in England, is investigating a potential data breach after the AiLock ransomware gang listed it as a victim on its data leak site. […] Bill Toulas Go to bleepingcomputer

WhatsApp introduces parent-managed accounts for pre-teens WhatsApp has begun rolling out parent-managed accounts for pre-teens, allowing parents and guardians to decide who can contact them and which groups they can join. […] Sergiu Gatlan Go to bleepingcomputer

SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without authentication. […] Bill Toulas Go to bleepingcomputer

CISA orders feds to patch n8n RCE flaw exploited in attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability. […] Sergiu Gatlan Go to bleepingcomputer

Medtech giant Stryker offline after Iran-linked wiper malware attack Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group. […] Sergiu Gatlan Go to bleepingcomputer

New PhantomRaven NPM attack wave steals dev data via 88 packages New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. […] Bill Toulas Go to bleepingcomputer

New ‘BlackSanta’ EDR killer spotted targeting HR departments For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta. […] Bill Toulas Go to bleepingcomputer

New ‘Zombie ZIP’ technique lets malware slip past security tools A new technique dubbed “Zombie ZIP” helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products. […] Bill Toulas Go to bleepingcomputer

Microsoft Teams phishing targets employees with A0Backdoor malware Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. […] Bill Toulas Go to bleepingcomputer

Dutch govt warns of Signal, WhatsApp account hijacking attacks Russian state-sponsored hackers have been linked to an ongoing Signal and WhatsApp phishing campaign targeting government officials, military personnel, and journalists to gain access to sensitive messages. […] Lawrence Abrams Go to bleepingcomputer

Ericsson US discloses data breach after service provider hack Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to an undisclosed number of employees and customers after hacking one of its service providers. […] Sergiu Gatlan Go to bleepingcomputer

Hackers abuse .arpa DNS and ipv6 to evade phishing defenses Threat actors are abusing the special-use “.arpa” domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email security gateways. […] Lawrence Abrams Go to bleepingcomputer

Termite ransomware breaches linked to ClickFix CastleRAT attacks Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor. […] Bill Toulas Go to bleepingcomputer

Microsoft: Hackers abusing AI at every stage of cyberattacks Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale malicious activity, and lower technical barriers across all aspects of a cyberattack. […] Lawrence Abrams Go to bleepingcomputer

EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a global leader in applied cybersecurity education, today launched its Enterprise AI Credential Suite, with four new role-based AI certifications debuting alongside Certified CISO v4, an overhauled executive cyber leadership program.…

Fake Claude Code install guides push infostealers in InstallFix attacks Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users into running malicious commands under the pretext of installing legitimate command line interface (CLI) tools. […] Bill Toulas Go to bleepingcomputer

FBI investigates breach of surveillance and wiretap systems The U.S. Federal Bureau of Investigation (FBI) confirmed on Thursday that it’s investigating a breach that affected systems used to manage surveillance and wiretap warrants. […] Sergiu Gatlan Go to bleepingcomputer

Chinese state hackers target telcos with new malware toolkit A China-linked advanced persistent threat actor tracked as UAT-9244 has been targeting telecommunication service providers in South America since 2024, compromising Windows, Linux, and network-edge devices. […] Bill Toulas Go to bleepingcomputer

Wikipedia hit by self-propagating JavaScript worm that vandalized pages The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis. […] Lawrence Abrams Go to bleepingcomputer

WordPress membership plugin bug exploited to create admin accounts Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites. […] Bill Toulas Go to bleepingcomputer

Phobos ransomware admin pleads guilty to wire fraud conspiracy A Russian national pleaded guilty to a wire fraud conspiracy charge related to his role in administering the Phobos ransomware operation, which breached hundreds of victims worldwide. […] Sergiu Gatlan Go to bleepingcomputer

CISA flags VMware Aria Operations RCE flaw as exploited in attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. […] Lawrence Abrams Go to bleepingcomputer

Paint maker giant AkzoNobel confirms cyberattack on U.S. site The multinational Dutch paint company AkzoNobel has confirmed to BleepingComputer that hackers breached the network of one of its U.S. sites. […] Bill Toulas Go to bleepingcomputer