Category: Security
-
Apple fixes new zero-day flaw exploited in targeted attacks
Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an “extremely sophisticated attack.” […] Sergiu Gatlan Go to bleepingcomputer
-
PyPI now blocks domain resurrection attacks used for hijacking accounts
The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. […] Bill Toulas Go to bleepingcomputer
-
Okta open-sources catalog of Auth0 rules for threat detection
Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs. […] Bill Toulas Go to bleepingcomputer
-
Massive Allianz Life data breach impacts 1.1 million people
Hackers have stolen the personal information of 1.1 million individuals in a Salesforce data theft attack, which impacted U.S. insurance giant Allianz Life in July. […] Sergiu Gatlan Go to bleepingcomputer
-
XenoRAT malware campaign hits multiple embassies in South Korea
A state-sponsored espionage campaign is targeting foreign embassies in South Korea to deploy XenoRAT malware from malicious GitHub repositories. […] Bill Toulas Go to bleepingcomputer
-
Nebraska man gets 1 year in prison for $3.5M cryptojacking scheme
A Nebraska man was sentenced to one year in prison for defrauding cloud computing providers of over $3.5 million to mine cryptocurrency worth nearly $1 million. […] Sergiu Gatlan Go to bleepingcomputer
-
ERMAC Android malware source code leak exposes banking trojan infrastructure
The source code for version 3 of the ERMAC Android banking trojan has been leaked online, exposing the internals of the malware-as-a-service platform and the operator’s infrastructure. […] Bill Toulas Go to bleepingcomputer
-
UK sentences “serial hacker” of 3,000 sites to 20 months in prison
A 26-year-old in the UK who claimed to have hacked thousands of websites was sentenced to 20 months in prison after pleading guilty earlier this year. […] Bill Toulas Go to bleepingcomputer
-
HR giant Workday discloses data breach after Salesforce attack
Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack. […] Sergiu Gatlan Go to bleepingcomputer
-
U.S. seizes $2.8 million in crypto from Zeppelin ransomware operator
The U.S. Department of Justice (DoJ) announced the seizure of over $2,800,000 in cryptocurrency from alleged ransomware operator Ianis Aleksandrovich Antropenko. […] Bill Toulas Go to bleepingcomputer
-
Researcher to release exploit for full auth bypass on FortiWeb
A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication. […] Bill Toulas Go to bleepingcomputer
-
Microsoft Teams to protect against malicious URLs, dangerous file types
Microsoft recently revealed that it’s currently enhancing protection against dangerous file types and malicious URLs in Teams chats and channels. […] Sergiu Gatlan Go to bleepingcomputer
-
Colt Telecom attack claimed by WarLock ransomware, data up for sale
UK-based telecommunications company Colt Technology Services is dealing with a cyberattack that has caused a multi-day outage of some of the company’s operations, including hosting and porting services, Colt Online and Voice API platforms. […] Bill Toulas Go to bleepingcomputer
-
Cisco warns of max severity flaw in Firewall Management Center
Cisco is warning about a critical remote code execution (RCE) vulnerability in the RADIUS subsystem of its Secure Firewall Management Center (FMC) software. […] Bill Toulas Go to bleepingcomputer
-
Plex warns users to patch security vulnerability immediately
Plex has notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability. […] Sergiu Gatlan Go to bleepingcomputer
-
US sanctions Grinex crypto-exchange, successor to Garantex
The U.S. Department of the Treasury has announced sanctions against Grinex, the successor to Russian cryptocurrency exchange Garantex, which was previously sanctioned for helping ransomware gangs launder their money. […] Sergiu Gatlan Go to bleepingcomputer
-
Over $300 million in cybercrime crypto seized in anti-fraud effort
More than $300 million worth of cryptocurrency linked to cybercrime and fraud schemes has been frozen due to two separate initiatives involving law enforcement and private companies. […] Bill Toulas Go to bleepingcomputer
-
Crypto24 ransomware hits large orgs with custom EDR evasion tool
The Crypto24 ransomware group has been using custom utilities to evade security solutions on breached networks, exfiltrate data, and encrypt files. […] Bill Toulas Go to bleepingcomputer
-
Pro-Russian hackers blamed for water dam sabotage in Norway
The Norwegian Police Security Service (PST) says that pro-Russian hackers took control of critical operation systems at a dam and opened outflow valves. […] Bill Toulas Go to bleepingcomputer
-
CISA warns of N-able N-central flaws exploited in zero-day attacks
CISA warned on Wednesday that attackers are actively exploiting two security vulnerabilities in N‑able’s N-central remote monitoring and management (RMM) platform. […] Sergiu Gatlan Go to bleepingcomputer
-
Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild
Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates. […] Bill Toulas Go to bleepingcomputer
-
Hackers leak Allianz Life data stolen in Salesforce attacks
Hackers have released stolen data belonging to US insurance giant Allianz Life, exposing 2.8 million records with sensitive information on business partners and customers in ongoing Salesforce data theft attacks. […] Lawrence Abrams Go to bleepingcomputer
-
Docker Hub still hosts dozens of Linux images with the XZ backdoor
The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, potentially putting users, organizations, and their data at risk. […] Bill Toulas Go to bleepingcomputer
-
North Korean Kimsuky hackers exposed in alleged data breach
The North Korean state-sponsored hackers known as Kimsuky have reportedly suffered a data breach after two hackers, who describe themselves as the opposite of Kimsuky’s values, stole the group’s data and leaked it publicly online. […] Bill Toulas Go to bleepingcomputer
-
Netherlands: Citrix Netscaler flaw CVE-2025-6543 exploited to breach orgs
The Netherlands’ National Cyber Security Centre (NCSC) is warning that a critical Citrix NetScaler vulnerability tracked as CVE-2025-6543 was exploited to breach “critical organizations” in the country. […] Bill Toulas Go to bleepingcomputer
-
Details emerge on WinRAR zero-day attacks that infected PCs with malware
Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian ‘RomCom’ hacking group to drop different malware payloads. […] Bill Toulas Go to bleepingcomputer
-
Over 29,000 Exchange servers unpatched against high-severity flaw
Over 29,000 Exchange servers exposed online remain unpatched against a high-severity vulnerability that can let attackers move laterally in Microsoft cloud environments, potentially leading to complete domain compromise. […] Sergiu Gatlan Go to bleepingcomputer
-
Connex Credit Union data breach impacts 172,000 members
Connex, one of Connecticut’s largest credit unions, warned tens of thousands of members that unknown attackers had stolen their personal and financial information after breaching its systems in early June. […] Sergiu Gatlan Go to bleepingcomputer
-
Google Calendar invites let researchers hijack Gemini to leak user data
Google fixed a bug that allowed maliciously crafted Google Calendar invites to remotely take over Gemini agents running on the target’s device and leak sensitive user data. […] Bill Toulas Go to bleepingcomputer
-
Google confirms data breach exposed potential Google Ads customers’ info
Google has confirmed that a recently disclosed data breach of one of its Salesforce CRM instances involved the information of potential Google Ads customers. […] Lawrence Abrams Go to bleepingcomputer
-
60 malicious Ruby gems downloaded 275,000 times steal credentials
Sixty malicious Ruby gems containing credential-stealing code have been downloaded over 275,000 times since March 2023, targeting developer accounts. […] Bill Toulas Go to bleepingcomputer
-
WinRAR zero-day exploited to plant malware on archive extraction
A recently fixed WinRAR vulnerability tracked as CVE-2025-8088 was exploited as a zero-day in phishing attacks to install the RomCom malware. […] Lawrence Abrams Go to bleepingcomputer
-
FTC: older adults lost record $700 million to scammers in 2024
Americans aged 60 and older lost a staggering $700 million to online scams in 2024, marking a sharp rise in fraud targeting seniors, according to the Federal Trade Commission. […] Bill Toulas Go to bleepingcomputer
-
U.S. Judiciary confirms breach of court electronic records service
The U.S. Federal Judiciary confirms that it suffered a cyberattack on its electronic case management systems hosting confidential court documents and is strengthening cybersecurity measures. […] Bill Toulas Go to bleepingcomputer
-
Microsoft 365 apps to soon block file access via FPRPC by default
Microsoft has announced that the Microsoft 365 apps for Windows will start blocking access to files via the insecure FPRPC legacy authentication protocol by default starting late August. […] Sergiu Gatlan Go to bleepingcomputer
-
Columbia University data breach impacts nearly 870,000 individuals
An unknown threat actor has stolen the sensitive personal, financial, and health information of nearly 870,000 Columbia University current and former students and employees after breaching the university’s network in May. […] Sergiu Gatlan Go to bleepingcomputer
-
Royal and BlackSuit ransomware gangs hit over 450 US companies
The U.S. Department of Homeland Security (DHS) says the cybercrime gang behind the Royal and BlackSuit ransomware operations had breached hundreds of U.S. companies before their infrastructure was dismantled last month. […] Sergiu Gatlan Go to bleepingcomputer
-
Fake WhatsApp developer libraries hide destructive data-wiping code
Two malicious NPM packages posing as WhatsApp development tools have been discovered deploying destructive data-wiping code that recursively deletes files on a developer’s computer. […] Bill Toulas Go to bleepingcomputer
-
CISA orders fed agencies to patch new Exchange flaw by Monday
CISA has issued an emergency directive ordering all Federal Civilian Executive Branch (FCEB) agencies to mitigate a critical Microsoft Exchange hybrid vulnerability tracked as CVE-2025-53786 by Monday morning at 9:00 AM ET. […] Lawrence Abrams Go to bleepingcomputer
-
Air France and KLM disclose data breaches impacting customers
Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers. […] Sergiu Gatlan Go to bleepingcomputer
-
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
Akira ransomware is abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender in attacks from security tools and EDRs running on target machines. […] Bill Toulas Go to bleepingcomputer
-
New Ghost Calls tactic abuses Zoom and Microsoft Teams for C2 operations
A new post-exploitation command-and-control (C2) evasion method called ‘Ghost Calls’ abuses TURN servers used by conferencing apps like Zoom and Microsoft Teams to tunnel traffic through trusted infrastructure. […] Bill Toulas Go to bleepingcomputer
-
Trend Micro warns of Apex One zero-day exploited in attacks
Trend Micro has warned customers to immediately secure their systems against an actively exploited remote code execution vulnerability in its Apex One endpoint security platform. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft pays record $17 million in bounties over the last 12 months
Microsoft paid a record $17 million this year to 344 security researchers across 59 countries through its bug bounty program. […] Sergiu Gatlan Go to bleepingcomputer
-
Pandora confirms data breach amid ongoing Salesforce data theft attacks
Danish jewelry giant Pandora has disclosed a data breach after its customer information was stolen in the ongoing Salesforce data theft attacks. […] Lawrence Abrams Go to bleepingcomputer
-
PBS confirms data breach after employee info leaked on Discord servers
PBS has suffered a data breach exposing the corporate contact information of its employees and those of its affiliates, BleepingComputer has learned. […] Lawrence Abrams Go to bleepingcomputer
-
Adobe issues emergency fixes for AEM Forms zero-days after PoCs released
Adobe released emergency updates for two zero-day flaws in Adobe Experience Manager (AEM) Forms on JEE after a PoC exploit chain was disclosed that can be used for unauthenticated, remote code execution on vulnerable instances. […] Lawrence Abrams Go to bleepingcomputer
-
Microsoft increases Zero Day Quest prize pool to $5 million
Microsoft will offer up to $5 million in bounty awards at this year’s Zero Day Quest hacking contest, which the company describes as the “largest hacking event in history.” […] Sergiu Gatlan Go to bleepingcomputer
-
Fashion giant Chanel hit in wave of Salesforce data theft attacks
French fashion giant Chanel is the latest company to suffer a data breach in an ongoing wave of Salesforce data theft attacks. […] Lawrence Abrams Go to bleepingcomputer
-
Proton fixes Authenticator bug leaking TOTP secrets in logs
Proton fixed a bug in its new Authenticator app for iOS that logged users’ sensitive TOTP secrets in plaintext, potentially exposing multi-factor authentication codes if the logs were shared. […] Lawrence Abrams Go to bleepingcomputer
-
CTM360 spots Malicious ‘ClickTok’ Campaign Targeting TikTok Shop users
The ClickTok campaign lures victims with fake TikTok shops and drains their crypto wallets. CTM360 exposes how SparkKitty spyware spreads via trojanized apps, phishing pages, and AI-powered scams. […] Sponsored by CTM360 Go to bleepingcomputer
-
Mozilla warns of phishing attacks targeting add-on developers
Mozilla has warned browser extension developers of an active phishing campaign targeting accounts on its official AMO (addons.mozilla.org) repository. […] Sergiu Gatlan Go to bleepingcomputer
-
Attackers exploit link-wrapping services to steal Microsoft 365 logins
A threat actor has been abusing link wrapping services from reputed technology companies to mask malicious links leading to Microsoft 365 phishing pages that collect login credentials. […] Ionut Ilascu Go to bleepingcomputer
-
SonicWall firewall devices hit in surge of Akira ransomware attacks
SonicWall firewall devices have been increasingly targeted since late July in a surge of Akira ransomware attacks, potentially exploiting a previously unknown security vulnerability, according to cybersecurity company Arctic Wolf. […] Sergiu Gatlan Go to bleepingcomputer
-
Pi-hole discloses data breach triggered by WordPress plugin flaw
Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin. […] Sergiu Gatlan Go to bleepingcomputer
-
Kali Linux can now run in Apple containers on macOS systems
Cybersecurity professionals and researchers can now launch Kali Linux in a virtualized container on macOS Sequoia using Apple’s new containerization framework. […] Lawrence Abrams Go to bleepingcomputer
-
Microsoft to disable Excel workbook links to blocked file types
Microsoft has announced that it will start disabling external workbook links to blocked file types by default between October 2025 and July 2026. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft now pays up to $40,000 for some .NET vulnerabilities
Microsoft has expanded its .NET bug bounty program and increased rewards to $40,000 for some .NET and ASP.NET Core vulnerabilities. […] Sergiu Gatlan Go to bleepingcomputer
-
CISA open-sources Thorium platform for malware, forensic analysis
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced the public availability of Thorium, an open-source platform for malware and forensic analysts across the government, public, and private sectors. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft: Russian hackers use ISP access to hack embassies in AiTM attacks
Microsoft warns that a cyber-espionage group linked to Russia’s Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers. […] Sergiu Gatlan Go to bleepingcomputer
-
ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH
A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances. […] Lawrence Abrams Go to bleepingcomputer
-
Hackers target Python devs in phishing attacks using fake PyPI site
The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. […] Sergiu Gatlan Go to bleepingcomputer
-
SafePay ransomware threatens to leak 3.5TB of Ingram Micro data
The SafePay ransomware gang is threatening to leak 3.5TB of data belonging to IT giant Ingram Micro, allegedly stolen from the company’s compromised systems earlier this month. […] Sergiu Gatlan Go to bleepingcomputer
-
Hackers actively exploit critical RCE in WordPress Alone theme
Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme ‘Alone,’ to achieve remote code execution and perform a full site takeover. […] Bill Toulas Go to bleepingcomputer
-
Hackers plant 4G Raspberry Pi on bank network in failed ATM heist
The UNC2891 hacking group, also known as LightBasin, used a 4G-equipped Raspberry Pi hidden in a bank’s network to bypass security defenses in a newly discovered attack. […] Bill Toulas Go to bleepingcomputer
-
Minnesota activates National Guard after St. Paul cyberattack
Minnesota Governor Tim Walz has activated the National Guard in response to a crippling cyberattack that struck the City of Saint Paul, the state’s capital, on Friday. […] Sergiu Gatlan Go to bleepingcomputer
-
Russian airline Aeroflot grounds dozens of flights after cyberattack
Aeroflot, Russia’s flag carrier, has suffered a cyberattack that resulted in the cancellation of more than 60 flights and severe delays on additional flights. […] Bill Toulas Go to bleepingcomputer
-
Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware
Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. […] Bill Toulas Go to bleepingcomputer
-
French telecom giant Orange discloses cyberattack
Orange, a French telecommunications company and one of the world’s largest telecom operators, revealed that it detected a breached system on its network on Friday. […] Sergiu Gatlan Go to bleepingcomputer
-
Lovense sex toy app flaw leaks private user email addresses
The connected sex toy platform Lovense is vulnerable to a zero-day flaw that allows an attacker to get access to a member’s email address simply by knowing their username, putting them at risk of doxxing and harassment. […] Lawrence Abrams Go to bleepingcomputer
-
Tea app leak worsens with second database exposing user chats
The Tea app data breach has grown into an even larger leak, with the stolen data now shared on hacking forums and a second database discovered that allegedly contains 1.1 million private messages exchanged between the app’s members. […] Lawrence Abrams Go to bleepingcomputer
-
Flaw in Gemini CLI AI coding assistant allowed stealthy code execution
A vulnerability in Google’s Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers’ computers using allowlisted programs. […] Bill Toulas Go to bleepingcomputer
-
Endgame Gear mouse config tool infected users with malware
Gaming peripherals maker Endgame Gear is warning that malware was hidden in its configuration tool for the OP1w 4k v2 mouse hosted on the official website between June 26 and July 9, 2025. […] Bill Toulas Go to bleepingcomputer
-
Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data
Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence cached data. […] Sergiu Gatlan Go to bleepingcomputer
-
Scattered Spider is running a VMware ESXi hacking spree
Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors. […] Bill Toulas Go to bleepingcomputer
-
Allianz Life confirms data breach impacts majority of 1.4 million customers
Insurance company Allianz Life has confirmed that the personal information for the “majority” of its 1.4 million customers was exposed in a data breach that occurred earlier this month. […] Lawrence Abrams Go to bleepingcomputer
-
Post SMTP plugin flaw exposes 200K WordPress sites to hijacking attacks
More than 200,000 WordPress websites are using a vulnerable version of the Post SMTP plugin that allows hackers to take control of the administrator account. […] Bill Toulas Go to bleepingcomputer
-
Amazon AI coding agent hacked to inject data wiping commands
A hacker planted data wiping code in a version of Amazon’s generative AI-powered assistant, the Q Developer Extension for Visual Studio Code. […] Bill Toulas Go to bleepingcomputer
-
The role of the cybersecurity PM in incident-driven development
From PowerShell abuse to USB data theft, modern threats hit fast—and hard. See how security-minded PMs are responding with real-time controls, smarter policies, and tools like ThreatLocker Patch Management. […] Sponsored by ThreatLocker Go to bleepingcomputer
-
US sanctions North Korean firm, nationals behind IT worker schemes
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned three North Korean nationals and a company for supporting fraudulent IT worker schemes that generated illicit revenue for the Democratic People’s Republic of Korea (DPRK) government. […] Bill Toulas Go to…
-
Woman gets 8 years for aiding North Koreans infiltrate 300 US firms
Christina Marie Chapman, a 50-year-old woman from Arizona, was sentenced to 102 months in prison after pleading guilty to her involvement in a scheme that enabled North Korean IT workers to infiltrate 309 U.S. companies. […] Sergiu Gatlan Go to bleepingcomputer
-
BlackSuit ransomware extortion sites seized in Operation Checkmate
Law enforcement has seized the dark web extortion sites of the BlackSuit ransomware operation, which has targeted and breached the networks of hundreds of organizations worldwide over the past several years. […] Sergiu Gatlan Go to bleepingcomputer
-
New Koske Linux malware hides in cute panda images
A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory. […] Bill Toulas Go to bleepingcomputer
-
Hacker sneaks infostealer malware into early access Steam game
A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title. […] Bill Toulas Go to bleepingcomputer
-
Mitel warns of critical MiVoice MX-ONE authentication bypass flaw
Mitel Networks has released security updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft: SharePoint servers also targeted in ransomware attacks
A Chinese hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain. […] Sergiu Gatlan Go to bleepingcomputer
-
Brave blocks Windows Recall from screenshotting your browsing activity
Brave Software says its privacy-focused browser will block Microsoft’s Windows Recall from capturing screenshots of Brave windows by default to protect users’ privacy. […] Lawrence Abrams Go to bleepingcomputer
-
Hackers fooled Cognizant help desk, says Clorox in $380M cyberattack lawsuit
Clorox is suing IT giant Cognizant for gross negligence, alleging it enabled a massive August 2023 cyberattack by resetting an employee’s password for a hacker without first verifying their identity. […] Bill Toulas Go to bleepingcomputer
-
Lumma infostealer malware returns after law enforcement disruption
The Lumma infostealer malware operation is gradually resuming activities following a massive law enforcement operation in May, which resulted in the seizure of 2,300 domains and parts of its infrastructure. […] Bill Toulas Go to bleepingcomputer
-
Coyote malware abuses Windows accessibility framework for data theft
A new variant of the banking trojan ‘Coyote’ has begun abusing a Windows accessibility feature, Microsoft’s UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft. […] Bill Toulas Go to bleepingcomputer
-
CISA and FBI warn of escalating Interlock ransomware attacks
CISA and the FBI warned on Tuesday of increased Interlock ransomware activity targeting businesses and critical infrastructure organizations in double extortion attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
Intel announces end of Clear Linux OS project, archives GitHub repos
The Clear Linux OS team has announced the shutdown of the project, marking the end of its 10-year existence in the open-source ecosystem. […] Bill Toulas Go to bleepingcomputer
-
Ring denies breach after users report suspicious logins
Ring is warning that a backend update bug is responsible for customers seeing a surge in unauthorized devices logged into their account on May 28th. […] Bill Toulas Go to bleepingcomputer
-
ExpressVPN bug leaked user IPs in Remote Desktop sessions
ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users’ real IP addresses. […] Bill Toulas Go to bleepingcomputer
-
Dior begins sending data breach notifications to U.S. customers
The House of Dior (Dior) is sending data breach notifications to U.S. customers informing them that a May cybersecurity incident compromised their personal information. […] Bill Toulas Go to bleepingcomputer
-
Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks
Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in “ToolShell” attacks. […] Lawrence Abrams Go to bleepingcomputer
-
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available
Critical zero-day vulnerabilities in Microsoft SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, have been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. […] Lawrence Abrams Go to bleepingcomputer
-
HPE warns of hardcoded passwords in Aruba access points
Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface. […] Bill Toulas Go to bleepingcomputer
-
Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack
A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. […] Lawrence Abrams Go to bleepingcomputer
-
Popular npm linter packages hijacked via phishing to drop malware
Popular JavaScript libraries eslint-config-prettier and eslint-plugin-prettier were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. […] Ax Sharma Go to bleepingcomputer