Category: Security
-
Microsoft Entra ID flaw allowed hijacking any company’s tenant
Microsoft Entra ID flaw allowed hijacking any company’s tenant A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. […] Ionut Ilascu Go to bleepingcomputer
-
Canada dismantles TradeOgre exchange, seizes $40 million in crypto
Canada dismantles TradeOgre exchange, seizes $40 million in crypto The Royal Canadian Mounted Police has shut down the TradeOgre cryptocurrency exchange and seized more than $40 million believed to originate from criminal activities. […] Ionut Ilascu Go to bleepingcomputer
-
FBI warns of cybercriminals using fake FBI crime reporting portals
FBI warns of cybercriminals using fake FBI crime reporting portals The FBI warned today that cybercriminals are impersonating its Internet Crime Complaint Center (IC3) website in what the law enforcement agency described as “possible malicious activity.” […] Sergiu Gatlan Go to bleepingcomputer
-
CISA exposes malware kits deployed in Ivanti EPMM attacks
CISA exposes malware kits deployed in Ivanti EPMM attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the malware deployed in attacks exploiting vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). […] Ionut Ilascu Go to bleepingcomputer
-
Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet
Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT’s License Servlet that can be exploited in command injection attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
Known. Emerging. Unstoppable? Ransomware Attacks Still Evade Defenses
Known. Emerging. Unstoppable? Ransomware Attacks Still Evade Defenses Ransomware remains one of the most destructive threats—because defenses keep failing. Picus Blue Report 2025 shows prevention dropped to 62%, while data exfiltration prevention collapsed to just 3%. […] Sponsored by Picus Security Go to bleepingcomputer
-
UK arrests ‘Scattered Spider’ teens linked to Transport for London hack
UK arrests ‘Scattered Spider’ teens linked to Transport for London hack Two teenagers, believed to be linked to the August 2024 cyberattack on Transport for London, have been arrested in the United Kingdom. […] Sergiu Gatlan Go to bleepingcomputer
-
SystemBC malware turns infected VPS systems into proxy highway
SystemBC malware turns infected VPS systems into proxy highway The operators of the SystemBC proxy botnet are hunting for vulnerable commercial virtual private servers (VPS) and maintain an average of 1,500 bots every day that provide a highway for malicious traffic. […] Ionut Ilascu Go to bleepingcomputer
-
Target-rich environment: Why Microsoft 365 has become the biggest risk
Target-rich environment: Why Microsoft 365 has become the biggest risk Microsoft 365’s dominance and tight integration make it a massive target in today’s cyber landscape. Its tight integration expands the attack surface and amplifies risk. Learn from Acronis TRU why backup blind spots & lateral movement risks demand stronger defenses. […] Sponsored by Acronis Go…
-
WatchGuard warns of critical vulnerability in Firebox firewalls
WatchGuard warns of critical vulnerability in Firebox firewalls WatchGuard has released security updates to address a remote code execution vulnerability impacting the company’s Firebox firewalls. […] Sergiu Gatlan Go to bleepingcomputer
-
Google patches sixth Chrome zero-day exploited in attacks this year
Google patches sixth Chrome zero-day exploited in attacks this year Google has released emergency security updates to patch a Chrome zero-day vulnerability, the sixth one tagged as exploited in attacks since the start of the year. […] Sergiu Gatlan Go to bleepingcomputer
-
ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks
ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens. […] Lawrence Abrams Go to bleepingcomputer
-
VC giant Insight Partners warns thousands after ransomware breach
VC giant Insight Partners warns thousands after ransomware breach New York-based venture capital and private equity firm Insight Partners is notifying thousands of individuals whose personal information was stolen in a ransomware attack. […] Sergiu Gatlan Go to bleepingcomputer
-
SonicWall warns customers to reset credentials after breach
SonicWall warns customers to reset credentials after breach SonicWall warned customers today to reset credentials after their firewall configuration backup files were exposed in a security breach that impacted MySonicWall accounts. […] Sergiu Gatlan Go to bleepingcomputer
-
BreachForums hacking forum admin resentenced to three years in prison
BreachForums hacking forum admin resentenced to three years in prison Conor Brian Fitzpatrick, the 22-year-old behind the notorious BreachForums hacking forum, was resentenced today to three years in prison after a federal appeals court overturned his prior sentence of time served and 20 years of supervised release. […] Lawrence Abrams Go to bleepingcomputer
-
Self-propagating supply chain attack hits 187 npm packages
Self-propagating supply chain attack hits 187 npm packages Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated worm-style campaign dubbed ‘Shai-Hulud’ started yesterday with the compromise of the @ctrl/tinycolor npm package, and has now expanded to CrowdStrike’s npm namespace. […] Ax Sharma Go to bleepingcomputer
-
Google nukes 224 Android malware apps behind massive ad fraud campaign
Google nukes 224 Android malware apps behind massive ad fraud campaign A massive Android ad fraud operation dubbed “SlopAds” was disrupted after 224 malicious applications on Google Play were used to generate 2.3 billion ad requests per day. […] Lawrence Abrams Go to bleepingcomputer
-
Google confirms fraudulent account created in law enforcement portal
Google confirms fraudulent account created in law enforcement portal Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses to submit official data requests to the company. […] Lawrence Abrams Go to bleepingcomputer
-
FinWise insider breach impacts 689K American First Finance customers
FinWise insider breach impacts 689K American First Finance customers FinWise Bank is warning on behalf of corporate customers that it suffered a data breach after a former employee accessed sensitive files after the end of their employment. […] Lawrence Abrams Go to bleepingcomputer
-
New Phoenix attack bypasses Rowhammer defenses in DDR5 memory
New Phoenix attack bypasses Rowhammer defenses in DDR5 memory Academic researchers have devised a new variant of Rowhammer attacks that bypass the latest protection mechanisms on DDR5 memory chips from SK Hynix. […] Ionut Ilascu Go to bleepingcomputer
-
Microsoft: Exchange 2016 and 2019 reach end of support in 30 days
Microsoft: Exchange 2016 and 2019 reach end of support in 30 days Microsoft has reminded administrators again that Exchange 2016 and Exchange 2019 will reach the end of extended support next month and has provided guidance for decommissioning outdated servers. […] Sergiu Gatlan Go to bleepingcomputer
-
FBI warns of UNC6040, UNC6395 hackers stealing Salesforce data
FBI warns of UNC6040, UNC6395 hackers stealing Salesforce data The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations’ Salesforce environments to steal data and extort victims. […] Lawrence Abrams Go to bleepingcomputer
-
New VoidProxy phishing service targets Microsoft 365, Google accounts
New VoidProxy phishing service targets Microsoft 365, Google accounts A newly discovered phishing-as-a-service (PhaaS) platform, named VoidProxy, targets Microsoft 365 and Google accounts, including those protected by third-party single sign-on (SSO) providers such as Okta. […] Bill Toulas Go to bleepingcomputer
-
‘WhiteCobra’ floods VSCode market with crypto-stealing extensions
‘WhiteCobra’ floods VSCode market with crypto-stealing extensions A threat actor named WhiteCobra has been targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. […] Bill Toulas Go to bleepingcomputer
-
New HybridPetya ransomware can bypass UEFI Secure Boot
New HybridPetya ransomware can bypass UEFI Secure Boot A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on the EFI System Partition. […] Bill Toulas Go to bleepingcomputer
-
CISA warns of actively exploited Dassault RCE vulnerability
CISA warns of actively exploited Dassault RCE vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers exploiting a critical remote code execution flaw in DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution from French company Dassault Systèmes. […] Bill Toulas Go to bleepingcomputer
-
Man gets over 4 years in prison for selling unreleased movies
Man gets over 4 years in prison for selling unreleased movies A Tennessee court has sentenced a Memphis man who worked for a DVD and Blu-ray manufacturing and distribution company to 57 months in prison for stealing and selling digital copies of unreleased movies. […] Sergiu Gatlan Go to bleepingcomputer
-
The first three things you’ll want during a cyberattack
The first three things you’ll want during a cyberattack When cyberattacks hit, every second counts. Survival depends on three essentials: clarity to see what’s happening, control to contain it, and a lifeline to recover fast. Learn from Acronis TRU how MSPs and IT teams can prepare now for the difference between recovery and catastrophe. […]…
-
Samsung patches actively exploited zero-day reported by WhatsApp
Samsung patches actively exploited zero-day reported by WhatsApp Samsung has patched a remote code execution vulnerability that was exploited in zero-day attacks targeting its Android devices. […] Sergiu Gatlan Go to bleepingcomputer
-
U.S. Senator accuses Microsoft of “gross cybersecurity negligence”
U.S. Senator accuses Microsoft of “gross cybersecurity negligence” U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) requesting the agency to investigate Microsoft for failing to provide adequate security in its products, which led to ransomware attacks against healthcare organizations. […] Bill Toulas Go to bleepingcomputer
-
Apple warns customers targeted in recent spyware attacks
Apple warns customers targeted in recent spyware attacks Apple warned customers last week that their devices were targeted in a new series of spyware attacks, according to the French national Computer Emergency Response Team (CERT-FR). […] Sergiu Gatlan Go to bleepingcomputer
-
Panama Ministry of Economy discloses breach claimed by INC ransomware
Panama Ministry of Economy discloses breach claimed by INC ransomware Panama’s Ministry of Economy and Finance (MEF) has disclosed that one of its computers may have been compromised in a cyberattack. […] Bill Toulas Go to bleepingcomputer
-
DDoS defender targeted in 1.5 Bpps denial-of-service attack
DDoS defender targeted in 1.5 Bpps denial-of-service attack A DDoS mitigation service provider in Europe was targeted in a massive distributed denial-of-service attack that reached 1.5 billion packets per second. […] Bill Toulas Go to bleepingcomputer
-
Hackers left empty-handed after massive NPM supply-chain attack
Hackers left empty-handed after massive NPM supply-chain attack The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but attackers made little profit off it. […] Bill Toulas Go to bleepingcomputer
-
Pixel 10 fights AI fakes with new Android photo verification tech
Pixel 10 fights AI fakes with new Android photo verification tech Google is integrating C2PA Content Credentials into the Pixel 10 camera and Google Photos, to help users distinguish between authentic, unaltered images and those generated or edited with artificial intelligence technology. […] Bill Toulas Go to bleepingcomputer
-
Cursor AI editor lets repos “autorun” malicious code on devices
Cursor AI editor lets repos “autorun” malicious code on devices A weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious repository as soon as it’s opened. […] Bill Toulas Go to bleepingcomputer
-
U.S. sanctions cyber scammers who stole billions from Americans
U.S. sanctions cyber scammers who stole billions from Americans The U.S. Department of the Treasury has sanctioned several large networks of cyber scam operations in Southeast Asia, which stole over $10 billion from Americans last year. […] Bill Toulas Go to bleepingcomputer
-
Hackers hide behind Tor in exposed Docker API breaches
Hackers hide behind Tor in exposed Docker API breaches A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could lay the foundation for a complex botnet. […] Bill Toulas Go to bleepingcomputer
-
Windows 10 KB5065429 update includes 14 changes and fixes
Windows 10 KB5065429 update includes 14 changes and fixes Microsoft has released the KB5065429 cumulative update for Windows 10 22H2 and Windows 10 21H2, with fourteen fixes or changes, including fixes for unexpected UAC prompts and severe lag and stuttering issues with NDI streaming software. […] Lawrence Abrams Go to bleepingcomputer
-
Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days
Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days Today is Microsoft’s September 2025 Patch Tuesday, which includes security updates for 81 flaws, including two publicly disclosed zero-day vulnerabilities. […] Lawrence Abrams Go to bleepingcomputer
-
Plex tells users to reset passwords after new data breach
Plex tells users to reset passwords after new data breach Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases. […] Lawrence Abrams Go to bleepingcomputer
-
Surge in networks scans targeting Cisco ASA devices raise concerns
Surge in networks scans targeting Cisco ASA devices raise concerns Large network scans have been targeting Cisco ASA devices, prompting warnings from cybersecurity researchers that it could indicate an upcoming flaw in the products. […] Bill Toulas Go to bleepingcomputer
-
Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack
Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack A new supply chain attack on GitHub, dubbed ‘GhostAction,’ has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. […] Bill Toulas Go to bleepingcomputer
-
Signal adds secure cloud backups to save and restore chats
Signal adds secure cloud backups to save and restore chats Signal has introduced a new opt-in feature that helps users create end-to-end encrypted backups of their chats, allowing them to restore messages even if their phones are damaged or lost. […] Sergiu Gatlan Go to bleepingcomputer
-
Lovesac confirms data breach after ransomware attack claims
Lovesac confirms data breach after ransomware attack claims American furniture brand Lovesac is warning that it suffered a data breach impacting an undisclosed number of individuals, stating their personal data was exposed in a cybersecurity incident. […] Bill Toulas Go to bleepingcomputer
-
iCloud Calendar abused to send phishing emails from Apple’s servers
iCloud Calendar abused to send phishing emails from Apple’s servers iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple’s email servers, making them more likely to bypass spam filters to land in targets’ inboxes. […] Lawrence Abrams Go to bleepingcomputer
-
Czech cyber agency warns against Chinese tech in critical infrastructure
Czech cyber agency warns against Chinese tech in critical infrastructure The Czech Republic’s National Cyber and Information Security Agency (NUKIB) is instructing critical infrastructure organizations in the country to avoid using Chinese technology or transferring user data to servers located in China. […] Bill Toulas Go to bleepingcomputer
-
VirusTotal finds hidden malware phishing campaign in SVG files
VirusTotal finds hidden malware phishing campaign in SVG files VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia’s judicial system that deliver malware. […] Lawrence Abrams Go to bleepingcomputer
-
AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack
AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack Investigations into the Nx “s1ngularity” NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. […] Bill Toulas Go to bleepingcomputer
-
Microsoft now enforces MFA on Azure Portal sign-ins for all tenants
Microsoft now enforces MFA on Azure Portal sign-ins for all tenants Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025. […] Sergiu Gatlan Go to bleepingcomputer
-
Financial services firm Wealthsimple discloses data breach
Financial services firm Wealthsimple discloses data breach Wealthsimple, a leading Canadian online investment management service, has disclosed a data breach after attackers stole the personal data of an undisclosed number of customers in a recent incident. […] Sergiu Gatlan Go to bleepingcomputer
-
Max severity Argo CD API flaw leaks repository credentials
Max severity Argo CD API flaw leaks repository credentials An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve all repository credentials associated with the project. […] Bill Toulas Go to bleepingcomputer
-
Hackers exploited Sitecore zero-day flaw to deploy backdoors
Hackers exploited Sitecore zero-day flaw to deploy backdoors Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. […] Bill Toulas Go to bleepingcomputer
-
Texas sues PowerSchool over breach exposing 62M students, 880k Texans
Texas sues PowerSchool over breach exposing 62M students, 880k Texans Texas Attorney General Ken Paxton has filed a lawsuit against education software company PowerSchool, which suffered a massive data breach in December that exposed the personal information of 62 million students, including over 880,000 Texans. […] Sergiu Gatlan Go to bleepingcomputer
-
Chess.com discloses recent data breach via file transfer app
Chess.com discloses recent data breach via file transfer app Chess.com has disclosed a data breach after threat actors gained unauthorized access to a third-party file transfer application used by the platform. […] Bill Toulas Go to bleepingcomputer
-
New TP-Link zero-day surfaces as CISA warns other flaws are exploited
New TP-Link zero-day surfaces as CISA warns other flaws are exploited TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in attacks. […] Bill Toulas Go to bleepingcomputer
-
France slaps Google with €325M fine for violating cookie regulations
France slaps Google with €325M fine for violating cookie regulations The French data protection authority has fined Google €325 million ($378 million) for violating cookie regulations and displaying ads between Gmail users’ emails without their consent. […] Sergiu Gatlan Go to bleepingcomputer
-
Threat actors abuse X’s Grok AI to spread malicious links
Threat actors abuse X’s Grok AI to spread malicious links Threat actors are using Grok, X’s built-in AI assistant, to bypass link posting restrictions that the platform introduced to reduce malicious advertising. […] Bill Toulas Go to bleepingcomputer
-
US offers $10 million bounty for info on Russian FSB hackers
US offers $10 million bounty for info on Russian FSB hackers The U.S. Department of State is offering a reward of up to $10 million for information on three Russian Federal Security Service (FSB) officers involved in cyberattacks targeting U.S. critical infrastructure organizations on behalf of the Russian government. […] Sergiu Gatlan Go to bleepingcomputer
-
Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws
Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws Hackers are increasingly using a new AI-powered offensive security framework called HexStrike-AI in real attacks to exploit newly disclosed n-day flaws. […] Bill Toulas Go to bleepingcomputer
-
US sues robot toy maker for exposing children’s data to Chinese devs
US sues robot toy maker for exposing children’s data to Chinese devs The U.S. Department of Justice has sued toy maker Apitor Technology for allegedly allowing a Chinese third party to collect children’s geolocation data without their knowledge and parental consent. […] Sergiu Gatlan Go to bleepingcomputer
-
Police disrupts Streameast, largest pirated sports streaming network
Police disrupts Streameast, largest pirated sports streaming network The Alliance for Creativity and Entertainment (ACE) and Egyptian authorities have shut down Streameast, the world’s largest illegal live sports streaming network, and arrested two people allegedly associated with the operation. […] Bill Toulas Go to bleepingcomputer
-
Hackers breach fintech firm in attempted $130M bank heist
Hackers breach fintech firm in attempted $130M bank heist Hackers tried to steal $130 million from Evertec’s Brazilian subsidiary Sinqia S.A. after gaining unauthorized access to its environment on the central bank’s real-time payment system (Pix). […] Bill Toulas Go to bleepingcomputer
-
Cloudflare hit by data breach in Salesloft Drift supply chain attack
Cloudflare hit by data breach in Salesloft Drift supply chain attack Cloudflare is the latest company impacted in a recent string of Salesloft Drift breaches, part of a supply-chain attack disclosed last week. […] Sergiu Gatlan Go to bleepingcomputer
-
Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps
Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps Internet infrastructure company Cloudflare said it recently blocked the largest recorded volumetric distributed denial-of-service (DDoS) attack, which peaked at 11.5 terabits per second (Tbps). […] Sergiu Gatlan Go to bleepingcomputer
-
Jaguar Land Rover says cyberattack ‘severely disrupted’ production
Jaguar Land Rover says cyberattack ‘severely disrupted’ production Jaguar Land Rover (JLR) announced that a cyberattack forced the company to shut down certain systems as part of the mitigation effort. […] Bill Toulas Go to bleepingcomputer
-
Zscaler data breach exposes customer info after Salesloft Drift compromise
Zscaler data breach exposes customer info after Salesloft Drift compromise Cybersecurity company Zscaler warns it suffered a data breach after threat actors gained access to its Salesforce instance and stole customer information, including the contents of support cases. […] Lawrence Abrams Go to bleepingcomputer
-
Amazon disrupts Russian APT29 hackers targeting Microsoft 365
Amazon disrupts Russian APT29 hackers targeting Microsoft 365 Researchers have disrupted an operation attributed to Russian state-sponsored threat group Midnight Blizzard, who sought access to Microsoft 365 accounts and data. […] Bill Toulas Go to bleepingcomputer
-
Brokewell Android malware delivered through fake TradingView ads
Brokewell Android malware delivered through fake TradingView ads Cybercriminals are abusing Meta’s advertising platforms with fake offers of a free TradingView Premium app that spreads the Brokewell malware for Android. […] Ionut Ilascu Go to bleepingcomputer
-
TamperedChef infostealer delivered through fraudulent PDF Editor
TamperedChef infostealer delivered through fraudulent PDF Editor Threat actors have been using multiple websites promoted through Google ads to distribute a convincing PDF editing app that delivers an info-stealing malware called TamperedChef. […] Ionut Ilascu Go to bleepingcomputer
-
WhatsApp patches vulnerability exploited in zero-day attacks
WhatsApp patches vulnerability exploited in zero-day attacks WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft to enforce MFA for Azure resource management in October
Microsoft to enforce MFA for Azure resource management in October Starting in October, Microsoft will enforce multi-factor authentication (MFA) for all Azure resource management actions to protect Azure clients from unauthorized access attempts. […] Sergiu Gatlan Go to bleepingcomputer
-
Google warns Salesloft breach impacted some Workspace accounts
Google warns Salesloft breach impacted some Workspace accounts Google reports that the Salesloft Drift breach is larger than initially thought, warning that attackers also used stolen OAuth tokens to access Google Workspace email accounts in addition to Salesforce data. […] Lawrence Abrams Go to bleepingcomputer
-
Malware devs abuse Anthropic’s Claude AI to build ransomware
Malware devs abuse Anthropic’s Claude AI to build ransomware Anthropic’s Claude Code large language model has been abused by threat actors who used it in data extortion campaigns and to develop ransomware packages. […] Bill Toulas Go to bleepingcomputer
-
Storm-0501 hackers shift to ransomware attacks in the cloud
Storm-0501 hackers shift to ransomware attacks in the cloud Microsoft warns that a threat actor tracked as Storm-0501 has evolved its operations, shifting away from encrypting devices with ransomware to focusing on cloud-based encryption, data theft, and extortion. […] Lawrence Abrams Go to bleepingcomputer
-
Experimental PromptLock ransomware uses AI to encrypt, steal data
Experimental PromptLock ransomware uses AI to encrypt, steal data Threat researchers discovered the first AI-powered ransomware, called PromptLock, that uses Lua scripts to steal and encrypt data on Windows, macOS, and Linux systems. […] Bill Toulas Go to bleepingcomputer
-
FreePBX servers hacked via zero-day, emergency fix released
FreePBX servers hacked via zero-day, emergency fix released The Sangoma FreePBX Security Team is warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with the Administrator Control Panel (ACP) exposed to the internet. […] Lawrence Abrams Go to bleepingcomputer
-
IT system supplier cyberattack impacts 200 municipalities in Sweden
IT system supplier cyberattack impacts 200 municipalities in Sweden A cyberattack on Miljödata, an IT systems supplier for roughly 80% of Sweden’s municipal systems, has caused accessibility problems in more than 200 regions of the country. […] Bill Toulas Go to bleepingcomputer
-
Global Salt Typhoon hacking campaigns linked to Chinese tech firms
Global Salt Typhoon hacking campaigns linked to Chinese tech firms The U.S. National Security Agency (NSA), the UK’s National Cyber Security Centre (NCSC), and partners from over a dozen countries have linked the Salt Typhoon global hacking campaigns to three China-based technology firms. […] Lawrence Abrams Go to bleepingcomputer
-
Google to verify all Android devs to block malware on Google Play
Google to verify all Android devs to block malware on Google Play Google is introducing a new defense for Android called ‘Developer Verification’ to block malware installations from sideloaded apps sourced from outside the official Google Play app store. […] Bill Toulas Go to bleepingcomputer
-
Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks
Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability. […] Lawrence Abrams Go to bleepingcomputer
-
Silk Typhoon hackers hijack network captive portals in diplomat attacks
Silk Typhoon hackers hijack network captive portals in diplomat attacks State-sponsored hackers linked to the Mustang Panda activity cluster targeted diplomats by hijacking web traffic to redirect to a malware serving website. […] Bill Toulas Go to bleepingcomputer
-
Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. The ShinyHunters extortion group claims responsibility for these additional Salesforce attacks. […] Lawrence Abrams Go to bleepingcomputer
-
Nevada closes state offices as cyberattack disrupts IT systems
Nevada closes state offices as cyberattack disrupts IT systems Nevada remains two days into a cyberattack that began early Sunday, disrupting government websites, phone systems, and online platforms, and forcing all state offices to close on Monday. […] Lawrence Abrams Go to bleepingcomputer
-
Surge in coordinated scans targets Microsoft RDP auth servers
Surge in coordinated scans targets Microsoft RDP auth servers Internet intelligence firm GreyNoise reports that it has recorded a significant spike in scanning activity consisting of nearly 1,971 IP addresses probing Microsoft Remote Desktop Web Access and RDP Web Client authentication portals in unison, suggesting a coordinated reconnaissance campaign. […] Lawrence Abrams Go to bleepingcomputer
-
New AI attack hides data-theft prompts in downscaled images
New AI attack hides data-theft prompts in downscaled images Researchers have developed a novel attack that steals user data by injecting malicious prompts in images processed by AI systems before delivering them to a large language model. […] Bill Toulas Go to bleepingcomputer
-
Farmers Insurance data breach impacts 1.1M people after Salesforce attack
Farmers Insurance data breach impacts 1.1M people after Salesforce attack U.S. insurance giant Farmers Insurance has disclosed a data breach impacting 1.1 million customers, with BleepingComputer learning that the data was stolen in the widespread Salesforce attacks. […] Lawrence Abrams Go to bleepingcomputer
-
Auchan retailer data breach impacts hundreds of thousands of customers
Auchan retailer data breach impacts hundreds of thousands of customers French retailer Auchan is informing that some sensitive data associated with loyalty accounts of several hundred thousand of its customers was exposed in a cyberattack. […] Bill Toulas Go to bleepingcomputer
-
Malicious Android apps with 19M installs removed from Google Play
Malicious Android apps with 19M installs removed from Google Play Seventy-seven malicious Android apps containing different types of malware were found on Google Play after being downloaded more than 19 million times. […] Bill Toulas Go to bleepingcomputer
-
Murky Panda hackers exploit cloud trust to hack downstream customers
Murky Panda hackers exploit cloud trust to hack downstream customers A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain initial access to the networks and data of downstream customers. […] Lawrence Abrams Go to bleepingcomputer
-
APT36 hackers abuse Linux .desktop files to install malware in new attacks
APT36 hackers abuse Linux .desktop files to install malware in new attacks The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India. […] Bill Toulas Go to bleepingcomputer
-
Fake Mac fixes trick users into installing new Shamos infostealer
Fake Mac fixes trick users into installing new Shamos infostealer A new infostealer malware called ‘Shamos’ is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes. […] Bill Toulas Go to bleepingcomputer
-
Massive anti-cybercrime operation leads to over 1,200 arrests in Africa
Massive anti-cybercrime operation leads to over 1,200 arrests in Africa Law enforcement authorities in Africa have arrested over 1,200 suspects as part of ‘Operation Serengeti 2.0,’ an INTERPOL-led international crackdown targeting cross-border cybercriminal gangs. […] Sergiu Gatlan Go to bleepingcomputer
-
DaVita says ransomware gang stole data of nearly 2.7 million people
DaVita says ransomware gang stole data of nearly 2.7 million people Kidney dialysis firm DaVita has confirmed that a ransomware gang that breached its network stole the personal and health information of nearly 2.7 million individuals. […] Sergiu Gatlan Go to bleepingcomputer
-
Dev gets 4 years for creating kill switch on ex-employer’s systems
Dev gets 4 years for creating kill switch on ex-employer’s systems A software developer has been sentenced to four years in prison for sabotaging his ex-employer’s Windows network with custom malware and a kill switch that locked out employees when his account was disabled. […] Lawrence Abrams Go to bleepingcomputer
-
Colt confirms customer data stolen as Warlock ransomware auctions files
Colt confirms customer data stolen as Warlock ransomware auctions files UK-based telecommunications company Colt Technology Services confirms that customer documentation was stolen as Warlock ransomware gang auctions files. […] Lawrence Abrams Go to bleepingcomputer
-
Europol confirms $50,000 Qilin ransomware reward is fake
Europol confirms $50,000 Qilin ransomware reward is fake Europol has confirmed that a Telegram channel impersonating the agency and offering a $50,000 reward for information on two Qilin ransomware administrators is fake. The impostor later admitted it was created to troll researchers and journalists. […] Lawrence Abrams Go to bleepingcomputer
-
Scattered Spider hacker gets sentenced to 10 years in prison
Scattered Spider hacker gets sentenced to 10 years in prison Noah Michael Urban, a key member of the Scattered Spider cybercrime collective, was sentenced to 10 years in prison on Wednesday after pleading guilty to charges of wire fraud and conspiracy in April. […] Sergiu Gatlan Go to bleepingcomputer
-
Orange Belgium discloses data breach impacting 850,000 customers
Orange Belgium discloses data breach impacting 850,000 customers Orange Belgium, a subsidiary of telecommunications giant Orange Group, disclosed on Wednesday that attackers who breached its systems in July have stolen the data of approximately 850,000 customers. […] Sergiu Gatlan Go to bleepingcomputer
-
AI website builder Lovable increasingly abused for malicious activity
AI website builder Lovable increasingly abused for malicious activity Cybercriminals are increasingly abusing the AI-powered Lovable website creation and hosting platform to generate phishing pages, malware-dropping portals, and various fraudulent websites. […] Bill Toulas Go to bleepingcomputer