Category: bleepingcomputer

Flickr discloses potential data breach exposing users’ names, emails Photo-sharing platform Flickr is notifying users of a potential data breach after a vulnerability at a third-party email service provider exposed their real names, email addresses, IP addresses, and account activity. […] Sergiu Gatlan Go to bleepingcomputer

CISA orders federal agencies to replace end-of-life edge devices The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new binding operational directive requiring federal agencies to identify and remove network edge devices that no longer receive security updates from manufacturers. […] Sergiu Gatlan Go to bleepingcomputer

Ransomware gang uses ISPsystem VMs for stealthy payload delivery Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider. […] Bill Toulas Go to bleepingcomputer

Hackers compromise NGINX servers to redirect user traffic A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker’s backend infrastructure. […] Bill Toulas Go to bleepingcomputer

Critical n8n flaws disclosed along with public exploits Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server. […] Bill Toulas Go to bleepingcomputer

CISA: VMware ESXi flaw now exploited in ransomware attacks CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was previously used in zero-day attacks. […] Sergiu Gatlan Go to bleepingcomputer

CISA warns of five-year-old GitLab flaw exploited in attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in attacks. […] Sergiu Gatlan Go to bleepingcomputer

The Double-Edged Sword of Non-Human Identities Leaked non-human identities like API keys and tokens are becoming a major breach driver in cloud environments. Flare shows how exposed machine credentials quietly grant attackers long-term access to enterprise systems. […] Sponsored by Flare Go to bleepingcomputer

New GlassWorm attack targets macOS via compromised OpenVSX extensions A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems. […] Bill Toulas Go to bleepingcomputer

Russian hackers exploit recently patched Microsoft Office bug in attacks Ukraine’s Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office. […] Bill Toulas Go to bleepingcomputer

Exposed MongoDB instances still targeted in data extortion attacks A threat actor is targeting exposed MongoDB instances in automated data extortion attacks demanding low ransoms from owners to restore the data. […] Bill Toulas Go to bleepingcomputer

Cloud storage payment scam floods inboxes with fake renewals Over the past few months, a large-scale cloud storage subscription scam campaign has been targeting users worldwide with repeated emails falsely warning recipients that their photos, files, and accounts are about to be blocked or deleted due to an alleged payment failure. […] Lawrence Abrams Go to…

Mandiant details how ShinyHunters abuse SSO to steal cloud data Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. […] Lawrence Abrams Go to bleepingcomputer

Crypto wallets received a record $158 billion in illicit funds last year Illegal cryptocurrency flows hit a record $158 billion in 2025, reversing a three-year trend of declining amounts from $86B in 2021 to $64B in 2024. […] Bill Toulas Go to bleepingcomputer

Ivanti warns of two EPMM flaws exploited in zero-day attacks Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. […] Lawrence Abrams Go to bleepingcomputer

Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match Match Group, the owner of multiple popular online dating services, Tinder, Match.com, Meetic, OkCupid, and Hinge, confirmed a cybersecurity incident that compromised user data. […] Bill Toulas Go to bleepingcomputer

Initial access hackers switch to Tsundere Bot for ransomware attacks A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside XWorm remote access trojan to gain network access that could lead to ransomware attacks. […] Bill Toulas Go to bleepingcomputer

Cyberattack on Polish energy grid impacted around 30 facilities The coordinated attack on Poland’s power grid in late December targeted multiple distributed energy resource (DER) sites across the country, including combined heat and power (CHP) facilities and wind and solar dispatch systems. […] Bill Toulas Go to bleepingcomputer

eScan confirms update server breached to push malicious update MicroWorld Technologies, the maker of the eScan antivirus product, has confirmed that one of its update servers was breached and used to distribute an unauthorized update later analyzed as malicious to a small subset of customers earlier this month. […] Lawrence Abrams Go to bleepingcomputer

New sandbox escape flaw exposes n8n instances to RCE attacks Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host. […] Bill Toulas Go to bleepingcomputer

Fortinet blocks exploited FortiCloud SSO zero day until patch is ready Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks by blocking FortiCloud SSO connections from devices running vulnerable firmware versions. […] Lawrence Abrams Go to bleepingcomputer

Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor The Chinese espionage threat group Mustang Panda has updated its CoolClient backdoor to a new variant that can steal login data from browsers and monitor the clipboard. […] Bill Toulas Go to bleepingcomputer

WinRAR path traversal flaw still exploited by numerous hackers Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious payloads. […] Bill Toulas Go to bleepingcomputer

Nike investigates data breach after extortion gang leaks files Nike is investigating what it described as a “potential cyber security incident” after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant. […] Sergiu Gatlan Go to bleepingcomputer

New malware service guarantees phishing extensions on Chrome web store A new malware-as-a-service (MaaS) called ‘Stanley’ promises malicious Chrome extensions that can clear Google’s review process and publish them to the Chrome Web Store. […] Bill Toulas Go to bleepingcomputer

New ClickFix attacks abuse Windows App-V scripts to push malware A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V) script to ultimately deliver the Amatera infostealing malware. […] Bill Toulas Go to bleepingcomputer

Cloudflare misconfiguration behind recent BGP route leak Cloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12 Gbps of dropped traffic. […] Bill Toulas Go to bleepingcomputer

1Password adds pop-up warnings for suspected phishing sites The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors. […] Bill Toulas Go to bleepingcomputer

Sandworm hackers linked to failed wiper attack on Poland’s energy systems A cyberattack targeting Poland’s power grid in late December 2025 has been linked to the Russian state-sponsored hacking group Sandworm, which attempted to deploy a new destructive data-wiping malware dubbed DynoWiper during the attack.. […] Lawrence Abrams Go to bleepingcomputer

Konni hackers target blockchain engineers with AI-built malware The North Korean hacker group Konni (Opal Sleet, TA406) is using AI-generated PowerShell malware to target developers and engineers in the blockchain sector. […] Bill Toulas Go to bleepingcomputer

ShinyHunters claim to be behind SSO-account data theft attacks The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. […] Lawrence Abrams Go to bleepingcomputer

CISA confirms active exploitation of four enterprise software bugs The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities impacting enterprise software from Versa and Zimbra, the Vite frontend tooling framework, and the Prettier code formatter. […] Bill Toulas Go to bleepingcomputer

US to deport Venezuelans who emptied bank ATMs using malware South Carolina federal prosecutors announced that two Venezuelan nationals convicted of stealing hundreds of thousands of dollars from U.S. banks in an ATM jackpotting scheme will be deported after serving their sentences. […] Sergiu Gatlan Go to bleepingcomputer

Hackers exploit critical telnetd auth bypass flaw to get root A coordinated campaign has been observed targeting a recently disclosed critical-severity vulnerability that has been present in the GNU InetUtils telnetd server for 11 years. […] Bill Toulas Go to bleepingcomputer

Okta SSO accounts targeted in vishing-based data theft attacks Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks. BleepingComputer has learned that these kits are being used in active attacks to steal Okta SSO credentials for data theft. […] Lawrence Abrams Go to bleepingcomputer

Curl ending bug bounty program after flood of AI slop reports The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug bounty program at the end of this month, after being overwhelmed by low-quality AI-generated vulnerability reports. […] Lawrence Abrams Go to bleepingcomputer

SmarterMail auth bypass flaw now exploited to hijack admin accounts Hackers began exploiting an authentication bypass vulnerability in SmarterTools’ SmarterMail email server and collaboration tool that allows resetting admin passwords. […] Bill Toulas Go to bleepingcomputer

INC ransomware opsec fail allowed data recovery for 12 US orgs An operational security failure allowed researchers to recover data that the INC ransomware gang stole from a dozen U.S. organizations. […] Bill Toulas Go to bleepingcomputer

Zendesk ticket systems hijacked in massive global spam wave People worldwide are being targeted by a massive spam wave originating from unsecured Zendesk support systems, with victims reporting receiving hundreds of emails with strange and sometimes alarming subject lines. […] Lawrence Abrams Go to bleepingcomputer

Chainlit AI framework bugs let hackers breach cloud environments Two high-severity vulnerabilities in Chainlit, a popular open-source framework for building conversational AI applications, allow reading any file on the server and leak sensitive information. […] Bill Toulas Go to bleepingcomputer

Cisco fixes Unified Communications RCE zero day exploited in attacks Cisco has fixed a critical Unified Communications and Webex Calling remote code execution vulnerability, tracked as CVE-2026-20045, that has been actively exploited as a zero-day in attacks. […] Lawrence Abrams Go to bleepingcomputer

New Android malware uses AI to click on hidden browser ads A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact with specific advertisement elements. […] Bill Toulas Go to bleepingcomputer

Online retailer PcComponentes says data breach claims are fake PcComponentes, a major technology retailer in Spain, has denied claims of a data breach on its systems impacting 16 million customers, but confirmed it suffered a credential stuffing attack. […] Bill Toulas Go to bleepingcomputer

ACF plugin bug gives hackers admin on 50,000 WordPress sites A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be exploited remotely by unauthenticated attackers to obtain administrative permissions. […] Bill Toulas Go to bleepingcomputer

Fake ad blocker extension crashes the browser for ClickFix attacks A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the browser in preparation for ClickFix attacks. […] Bill Toulas Go to bleepingcomputer

New PDFSider Windows malware deployed on Fortune 100 firm’s network Ransomware attackers targeting a Fortune 100 company in the finance sector used a new malware strain, dubbed PDFSider, to deliver malicious payloads on Windows systems. […] Bill Toulas Go to bleepingcomputer

UK govt. warns about ongoing Russian hacktivist group attacks The U.K. government is warning of continued malicious activity from Russian-aligned hacktivist groups targeting critical infrastructure and local government organizations in the country in disruptive denial-of-service (DDoS) attacks. […] Bill Toulas Go to bleepingcomputer

CIRO confirms data breach exposed info on 750,000 Canadian investors The Canadian Investment Regulatory Organization (CIRO) confirmed that the data breach it suffered last year impacts about 750,000 Canadian investors. […] Bill Toulas Go to bleepingcomputer

Credential-stealing Chrome extensions target enterprise HR platforms Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP platforms were discovered stealing authentication credentials or blocking management pages used to respond to security incidents. […] Lawrence Abrams Go to bleepingcomputer

Malicious GhostPoster browser extensions found with 840,000 installs Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations. […] Bill Toulas Go to bleepingcomputer

StealC hackers hacked as researchers hijack malware control panels A cross-site scripting (XSS) flaw in the web-based control panel used by operators of the StealC info-stealing malware allowed researchers to observe active sessions and gather intelligence on the attackers’ hardware. […] Bill Toulas Go to bleepingcomputer

China-linked hackers exploited Sitecore zero-day for initial access An advanced threat actor tracked as UAT-8837 and believed to be linked to China has been focusing on critical infrastructure systems in North America, gaining access by exploiting both known and zero-day vulnerabilities. […] Bill Toulas Go to bleepingcomputer

Cisco finally fixes AsyncOS zero-day exploited since November ​Cisco finally patched a maximum-severity AsyncOS zero-day exploited in attacks targeting Secure Email Gateway (SEG) appliances since November 2025. […] Sergiu Gatlan Go to bleepingcomputer

Gootloader now uses 1,000-part ZIP archives for stealthy delivery The Gootloader malware, typically used for initial access, is now using a malformed ZIP archive designed to evade detection by concatenating up to 1,000 archives. […] Bill Toulas Go to bleepingcomputer

FTC bans GM from selling drivers’ location data for five years The FTC has finalized an order with General Motors, settling charges that it collected and sold the location and driving data of millions of drivers without consent. […] Sergiu Gatlan Go to bleepingcomputer

Palo Alto Networks warns of DoS bug letting hackers disable firewalls Palo Alto Networks patched a high-severity vulnerability that could allow unauthenticated attackers to disable firewall protections in denial-of-service (DoS) attacks. […] Sergiu Gatlan Go to bleepingcomputer