Category: bleepingcomputer
-
CyberStrikeAI tool adopted by hackers for AI-powered attacks
Researchers warn that a newly identified open-source AI security testing platform called CyberStrikeAI was used by the same threat actor behind a recent campaign that breached hundreds of Fortinet FortiGate firewalls. […] Lawrence Abrams
-
Fake Google Security site uses PWA app to steal credentials, MFA codes
A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims’ browsers. […] Ionut Ilascu
-
Alabama man pleads guilty to hacking, extorting hundreds of women
A 22-year-old Alabama man pleaded guilty to extortion, cyberstalking, and computer fraud charges after hijacking the social media accounts of hundreds of young women (including minors). […] Sergiu Gatlan
-
ClawJacked attack let malicious websites hijack OpenClaw to steal data
Security researchers have disclosed a high-severity vulnerability dubbed “ClawJacked” in the popular AI agent OpenClaw that allowed a malicious website to silently brute-force access to a locally running instance and take control over it. […] Lawrence Abrams
-
Samsung TVs to stop collecting Texans’ data without express consent
Samsung and the State of Texas have reached a settlement agreement over the alleged unlawful collection of content-viewing information through its smart TVs […] Bill Toulas
-
QuickLens Chrome extension steals crypto, shows ClickFix attack
A Chrome extension named “QuickLens – Search Screen with Google Lens” has been removed from the Chrome Web Store after it was compromised to push malware and attempt to steal crypto from thousands of users. […] Lawrence Abrams
-
$4.8M in crypto stolen after Korean tax agency exposes wallet seed
South Korea’s National Tax Service accidentally exposed the mnemonic recovery phrase of a seized cryptocurrency wallet in an official press release, allowing hackers to steal 6.4 billion won ($4.8M) worth of cryptocurrency. […] Bill Toulas
-
Microsoft testing Windows 11 batch file security improvements
Microsoft is rolling out new Windows 11 Insider Preview builds that improve security and performance during batch file or CMD script execution. […] Sergiu Gatlan
-
APT37 hackers use new malware to breach air-gapped networks
North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance. […] Bill Toulas
-
Europol-led crackdown on The Com hackers leads to 30 arrests
A yearlong Europol-coordinated operation dubbed “Project Compass” has led to 30 arrests and 179 suspects being tied to “The Com,” an online cybercrime collective that targets children and teenagers. […] Sergiu Gatlan
-
CISA warns that RESURGE malware can be dormant on Ivanti devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. […] Bill Toulas
-
Third-Party Patching and the Business Footprint We All Share
Everyday tools like PDF readers, email clients, and archive utilities quietly define the real attack surface. Action1 explains how third-party software drift increases exploit risk and why consistent patching reduces exposure across endpoints. […] Sponsored by Action1
-
Previously harmless Google API keys now expose Gemini AI data
Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. […] Bill Toulas
-
Trend Micro warns of critical Apex One code execution flaws
Trend Micro has patched two critical Apex One vulnerabilities that allow attackers to gain remote code execution (RCE) on vulnerable Windows systems. […] Sergiu Gatlan
-
European DIY chain ManoMano data breach impacts 38 million customers
DIY store chain ManoMano is notifying customers of a data breach involving personal data, which was caused by hackers compromising a third-party service provider. […] Bill Toulas
-
Critical Juniper Networks PTX flaw allows full router takeover
A critical vulnerability in the Junos OS Evolved network operating system running on PTX Series routers from Juniper Networks could allow an unauthenticated attacker to execute code remotely with root privileges. […] Bill Toulas
-
Olympique Marseille confirms ‘attempted’ cyberattack after data leak
French professional football club Olympique de Marseille has confirmed a cyberattack after a threat actor claimed on Monday that it breached the club’s systems earlier this month. […] Sergiu Gatlan
-
Medical device maker UFP Technologies warns of data stolen in cyberattack
American manufacturer of medical devices, UFP Technologies, has disclosed that a cybersecurity incident has compromised its IT systems and data. […] Bill Toulas
-
Fake Next.js job interview tests backdoor developer’s devices
The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, including recruiting coding tests. […] Bill Toulas
-
Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023
Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was actively exploited in zero-day attacks that allowed remote attackers to compromise controllers and add malicious rogue peers to targeted networks. […] Lawrence Abrams
-
Chinese cyberspies breached dozens of telecom firms, govt agencies
Google’s Threat Intelligence Group (GTIG), Mandiant, and partners disrupted a global espionage campaign attributed to a suspected Chinese threat actor that used SaaS API calls to hide malicious traffic in attacks targeting telecom and government networks. […] Bill Toulas
-
Marquis sues SonicWall over backup breach that led to ransomware attack
Marquis Software Solutions has filed a lawsuit against SonicWall, accusing the cybersecurity company of gross negligence and misrepresentation that allegedly led to a ransomware attack disrupting operations at 74 U.S. banks. […] Bill Toulas
-
Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker
The former head of Trenchant, a specialized U.S. defense contractor unit, was sentenced Tuesday to more than seven years in federal prison for stealing and selling zero-day exploits to a Russian exploit broker whose clients include the Russian government. […] Sergiu Gatlan
-
Windows 11 KB5077241 update improves BitLocker, adds Sysmon tool
Microsoft has released the KB5077241 optional cumulative update for Windows 11, which comes with 29 changes, including improvements to BitLocker, a new network speed test tool, and native System Monitor (Sysmon) functionality. […] Sergiu Gatlan
-
Phishing campaign targets freight and logistics orgs in the US, Europe
A financially motivated threat group dubbed “Diesel Vortex” is stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks using 52 domains. […] Bill Toulas
-
Wynn Resorts confirms employee data breach after extortion threat
Wynn Resorts has confirmed that a hacker stole employee data from its systems after the company was listed on the ShinyHunters extortion gang’s data leak site. […] Lawrence Abrams
-
1Campaign platform helps malicious Google ads evade detection
A newly identified cybercrime service known as 1Campaign is enabling threat actors to run malicious Google Ads that remain online for extended periods while evading scrutiny from security researchers. […] Bill Toulas
-
Android mental health apps with 14.7M installs filled with security flaws
Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users’ sensitive medical information. […] Ionut Ilascu
-
Spain arrests suspected hacktivists for DDoSing govt sites
Spanish authorities have arrested four alleged members of a hacktivist group believed to have carried out cyberattacks targeting government ministries, political parties, and various public institutions. […] Sergiu Gatlan
-
Microsoft says bug in classic Outlook hides the mouse pointer
Microsoft is investigating a known issue that causes the mouse pointer to disappear in the classic Outlook desktop email client for some users. […] Sergiu Gatlan
-
Ad tech firm Optimizely confirms data breach after vishing attack
New York-based ad tech company Optimizely has notified an undisclosed number of customers of a data breach after threat actors compromised some of its systems in a voice phishing attack. […] Sergiu Gatlan
-
When identity isn’t the weak link, access still is
Stolen tokens and compromised devices let attackers reuse trust without breaking authentication. Specops Software explains why identity alone isn’t enough and how continuous device verification strengthens Zero Trust. […] Sponsored by Specops Software
-
Arkanix Stealer pops up as short-lived AI info-stealer experiment
An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment. […] Bill Toulas
-
Predator spyware hooks iOS SpringBoard to hide mic, camera activity
Intellexa’s Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators. […] Bill Toulas
-
Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks
Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. […] Lawrence Abrams
-
Japanese tech giant Advantest hit by ransomware attack
Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data. […] Bill Toulas
-
CISA: BeyondTrust RCE flaw now exploited in ransomware attacks
Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. […] Bill Toulas
-
Data breach at French bank registry impacts 1.2 million accounts
The French Ministry of Finance has published an announcement informing of a cybersecurity incident that has impacted 1.2 million accounts. […] Bill Toulas
-
Why the shift left dream has become a nightmare for security and developers
The “shift left” approach has increased pressure on developers, as speed demands override security checks in modern CI pipelines. Qualys explains how analyzing 34,000 public container images revealed 7.3% were malicious and why security must be enforced at the infrastructure layer by…
-
PayPal discloses data breach that exposed user info for 6 months
PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year. […] Sergiu Gatlan
-
Ukrainian gets 5 years for helping North Koreans infiltrate US firms
A Ukrainian national was sentenced to five years in prison for providing North Korean IT workers with stolen identities that helped them infiltrate U.S. companies. […] Sergiu Gatlan
-
PromptSpy is the first known Android malware to use generative AI at runtime
Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google’s Gemini model to adapt its persistence across different devices. […] Lawrence Abrams
-
Flaw in Grandstream VoIP phones allows stealthy eavesdropping
A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications. […] Bill Toulas
-
Google blocked over 1.75 million Play Store app submissions in 2025
Google says that through 2025, it blocked more than 255,000 Android apps from obtaining excessive access to sensitive user data and rejected over 1.75 million apps from being published on Google Play due to policy violations. […] Bill Toulas
-
CISA orders feds to patch actively exploited Dell flaw within 3 days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems within three days against a maximum-severity Dell vulnerability that has been under active exploitation since mid-2024. […] Sergiu Gatlan
-
Critical infra Honeywell CCTVs vulnerable to auth bypass flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allows unauthorized access to feeds or account hijacking. […] Bill Toulas
-
AI platforms can be abused for stealthy malware communication
AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity. […] Bill Toulas
-
Telegram channels expose rapid weaponization of SmarterMail flaws
Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring these communities reveals rapid weaponization of CVE-2026-24423 and CVE-2026-23760 tied to ransomware activity. […] Sponsored by Flare
-
Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages
Microsoft says an Exchange Online issue that mistakenly quarantined legitimate emails last week was triggered by faulty heuristic detection rules designed to block credential phishing campaigns. […] Sergiu Gatlan
-
Data breach at fintech firm Figure affects nearly 1 million accounts
Hackers have stolen the personal and contact information of nearly 1 million accounts after breaching the systems of Figure Technology Solutions, a self-described blockchain-native financial technology company. […] Sergiu Gatlan
-
Spain orders NordVPN, ProtonVPN to block LaLiga piracy sites
A Spanish court has granted precautionary measures against NordVPN and ProtonVPN, ordering the two popular VPN providers to block 16 websites that facilitate piracy of football matches. […] Bill Toulas
-
Flaws in popular VSCode extensions expose developers to attacks
Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely. […] Bill Toulas
-
Chinese hackers exploiting Dell zero-day flaw since mid-2024
A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024. […] Sergiu Gatlan
-
Notepad++ boosts update security with ‘double-lock’ mechanism
Notepad++ has adopted a “double-lock” design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise. […] Bill Toulas
-
Microsoft Teams outage affects users in United States, Europe
Microsoft is working to resolve an ongoing outage affecting Microsoft Teams users, causing delays and preventing some from accessing the service. […] Sergiu Gatlan
-
Ireland now also investigating X over Grok-made sexual images
Ireland’s Data Protection Commission (DPC), the country’s data protection authority, has opened a formal investigation into X over the use of the platform’s Grok artificial intelligence tool to generate non-consensual sexual images of real people, including children. […] Sergiu Gatlan
-
Washington Hotel in Japan discloses ransomware infection incident
The Washington Hotel brand in Japan has announced that its servers were compromised in a ransomware attack, exposing various business data. […] Bill Toulas
-
Eurail says stolen traveler data now up for sale on dark web
Eurail B.V., the operator that provides access to 250,000 kilometers of European railways, confirmed that data stolen in a breach earlier this year is being offered for sale on the dark web. […] Bill Toulas
-
Man arrested for demanding reward after accidental police data leak
Dutch authorities arrested a 40-year-old man after he downloaded confidential documents that had been mistakenly shared by the police and refused to delete them unless he received “something in return.” […] Sergiu Gatlan
-
Infostealer malware found stealing OpenClaw secrets for first time
With the massive adoption of the OpenClaw agentic AI assistant, information-stealing malware has been spotted stealing files associated with the framework that contain API keys, authentication tokens, and other secrets. […] Bill Toulas
-
Google patches first Chrome zero-day exploited in attacks this year
Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year. […] Sergiu Gatlan
-
Canada Goose investigating as hackers leak 600K customer records
ShinyHunters, a well-known data extortion group, claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related data. Canada Goose told BleepingComputer the dataset appears to relate to past customer transactions and that it has not found evidence of a breach of…
-
New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS
Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. […] Lawrence Abrams
-
Windows 11 KB5077181 fixes boot failures linked to failed updates
Microsoft says it has resolved a Windows 11 bug that caused some commercial systems to fail to boot with an “UNMOUNTABLE_BOOT_VOLUME” error after installing recent security updates, with the fix delivered in the February 2026 Patch Tuesday update. […] Lawrence Abrams
-
CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
CTM360 reports 4,000+ malicious Google Groups and 3,500+ Google-hosted URLs used to spread the Lumma Stealer infostealing malware and a trojanized “Ninja Browser.” The report details how attackers abuse trusted Google services to steal credentials and maintain persistence across Windows and Linux systems. […]…
-
One threat actor responsible for 83% of recent Ivanti RCE attacks
Threat intelligence observations show that a single threat actor is responsible for most of the active exploitation of two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-21962 and CVE-2026-24061. […] Bill Toulas
-
Snail mail letters target Trezor and Ledger users in crypto-theft attacks
Threat actors are sending physical letters pretending to be from Trezor and Ledger, makers of cryptocurrency hardware wallets, to trick users into submitting recovery phrases in crypto theft attacks. […] Lawrence Abrams
-
Fake job recruiters hide malware in developer coding challenges
A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. […] Bill Toulas
-
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack
Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. […] Bill Toulas
-
Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches
South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security measures, which facilitated unauthorized access and the exposure of data belonging to more than 5.5 million customers. […] Bill Toulas
-
Turning IBM QRadar Alerts into Action with Criminal IP
Criminal IP now integrates with IBM QRadar SIEM and SOAR to bring external IP-based threat intelligence directly into detection and response workflows. See how risk scoring and automated enrichment help SOC teams prioritize high-risk IPs and accelerate investigations without leaving QRadar. […] Sponsored by Criminal IP…
-
CISA flags critical Microsoft SCCM flaw as exploited in attacks
CISA ordered federal agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks. […] Sergiu Gatlan
-
Microsoft fixes bug that blocked Google Chrome from launching
Microsoft has fixed a known issue causing its Family Safety parental control service to block Windows users from launching Google Chrome and other web browsers. […] Sergiu Gatlan
-
Russia tries to block WhatsApp, Telegram in communication blockade
The Russian government is attempting to block WhatsApp in the country as its crackdown on communication platforms not under its control intensifies. […] Bill Toulas
-
Bitwarden introduces ‘Cupid Vault’ for secure password sharing
Bitwarden has launched a new system called ‘Cupid Vault’ that allows users to safely share passwords with trusted email addresses. […] Bill Toulas
-
Critical BeyondTrust RCE flaw now exploited in attacks, patch now
A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. […] Lawrence Abrams
-
Microsoft: New Windows LNK spoofing issues aren’t vulnerabilities
Today, at Wild West Hackin’ Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LNK shortcut files that allow attackers to deploy malicious payloads. […] Sergiu Gatlan
-
Google says hackers are abusing Gemini AI for all attack stages
Google Threat Intelligence Group (GTIG) has published a new report warning about AI model extraction/distillation attacks, in which private-sector firms and researchers use legitimate API access to systematically probe models and replicate their logic and reasoning. […] Bill Toulas
-
Windows 11 Notepad flaw let files execute silently via Markdown links
Microsoft has fixed a “remote code execution” vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown links, without displaying any Windows security warnings. […] Lawrence Abrams
-
Apple fixes zero-day flaw used in ‘extremely sophisticated’ attacks
Apple has released security updates to fix a zero-day vulnerability that was exploited in an “extremely sophisticated attack” targeting specific individuals. […] Lawrence Abrams
-
Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts
The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. […] Bill Toulas
-
Crazy ransomware gang abuses employee monitoring tool in attacks
A member of the Crazy ransomware gang is abusing legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistence in corporate networks, evade detection, and prepare for ransomware deployment. […] Lawrence Abrams
-
Microsoft releases Windows 11 26H1 for select and upcoming CPUs
Microsoft has announced Windows 11 26H1, but it’s not for existing PCs. Instead, it will ship on devices with Snapdragon X2 processors and possibly other rumored ARM chips. […] Mayank Parmar
-
New Linux botnet SSHStalker uses old-school IRC for C2 comms
A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations. […] Bill Toulas
-
North Korean hackers use new macOS malware in crypto-theft attacks
North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector. […] Bill Toulas
-
Microsoft releases Windows 10 KB5075912 extended security update
Microsoft has released the Windows 10 KB5075912 extended security update to fix February 2026 Patch Tuesday vulnerabilities, including six zero-days, and continue rolling out replacements for expiring Secure Boot certificates. […] Lawrence Abrams
-
Malicious 7-Zip site distributes installer laced with proxy tool
A fake 7-Zip website is distributing a trojanized installer of the popular archiving tool that turns the user’s computer into a residential proxy node. […] Bill Toulas
-
Fugitive behind $73M ‘pig butchering’ scheme gets 20 years in prison
A dual Chinese and St. Kitts and Nevis national was sentenced to 20 years in prison in absentia for his role in an international cryptocurrency investment scheme (also known as pig butchering or romance baiting) that defrauded victims of more than $73 million. […]…
-
Chinese cyberspies breach Singapore’s four largest telcos
The Chinese threat actor tracked as UNC3886 breached Singapore’s four largest telecommunication service providers, Singtel, StarHub, M1, and Simba, at least once last year. […] Bill Toulas
-
Hackers breach SmarterTools network using flaw in its own software
SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but did not impact business applications or account data. […] Bill Toulas
-
Hackers exploit SolarWinds WHD flaws to deploy DFIR tool in attacks
Hackers are now exploiting SolarWinds Web Help Desk (WHD) vulnerabilities to gain code execution rights on exposed systems and deploy legitimate tools, including the Velociraptor forensics tools, for persistence and remote control. […] Bill Toulas
-
Password guessing without AI: How attackers build targeted wordlists
Attackers don’t need AI to crack passwords, they build targeted wordlists from an organization’s own public language. This article explains how tools like CeWL turn websites into high-success password guesses and why complexity rules alone fall short. […] Sponsored by Specops Software
-
European Commission discloses breach that exposed staff data
The European Commission is investigating a breach after finding evidence that its mobile device management platform was hacked. […] Sergiu Gatlan
-
New tool blocks imposter attacks disguised as safe commands
A new open-source and cross-platform tool called Tirith can detect homoglyph attacks over command-line environments by analyzing URLs in typed commands and stopping their execution. […] Bill Toulas
-
State actor targets 155 countries in ‘Shadow Campaigns’ espionage op
A new state-aligned cyberespionage threat group tracked as TGR-STA-1030/UNC6619 has conducted a global-scale operation dubbed the “Shadow Campaigns,” where it targeted government infrastructure in 155 countries. […] Bill Toulas
-
Payments platform BridgePay confirms ransomware attack behind outage
A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services. The incident began on Friday and quickly escalated into a nationwide disruption across BridgePay’s platform. […] Ax Sharma
-
Germany warns of Signal account hijacking targeting senior figures
Germany’s domestic intelligence agency is warning of suspected state-sponsored threat actors targeting high-ranking individuals in phishing attacks via messaging apps like Signal. […] Bill Toulas
-
DKnife Linux toolkit hijacks router traffic to spy, deliver malware
A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in espionage campaigns. […] Bill Toulas
-
CISA warns of SmarterMail RCE flaw used in ransomware attacks
The Cybersecurity & Infrastructure Security Agency (CISA) in the U.S. has issued a warning about CVE-2026-24423, an unauthenticated remote code execution (RCE) flaw in SmarterMail that is used in ransomware attacks. […] Bill Toulas
-
EDR, Email, and SASE Miss This Entire Class of Browser Attacks
Many modern attacks happen entirely inside the browser, leaving little evidence for traditional security tools. Keep Aware shows why EDR, email, and SASE miss browser-only attacks and how visibility changes prevention. […] Sponsored by Keep Aware