Category: Security
-
New CrushFTP zero-day exploited in attacks to hijack servers
New CrushFTP zero-day exploited in attacks to hijack servers CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers. […] Lawrence Abrams Go to bleepingcomputer
-
Arch Linux pulls AUR packages that installed Chaos RAT malware
Arch Linux pulls AUR packages that installed Chaos RAT malware Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) that were used to install the CHAOS remote access trojan (RAT) on Linux devices. […] Lawrence Abrams Go to bleepingcomputer
-
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
UK ties GRU to stealthy Microsoft 365 credential-stealing malware The UK National Cyber Security Centre (NCSC) has formally attributed ‘Authentic Antics’ espionage malware attacks to APT28 (Fancy Bear), a threat actor already linked to Russia’s military intelligence service (GRU). […] Bill Toulas Go to bleepingcomputer
-
Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks
Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks A critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed “CitrixBleed 2,” was actively exploited nearly two weeks before proof-of-concept (PoC) exploits were made public, despite Citrix stating that there was no evidence of attacks. […] Lawrence Abrams Go to bleepingcomputer
-
VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin
VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025. […] Lawrence Abrams Go to bleepingcomputer
-
Microsoft Teams voice calls abused to push Matanbuchus malware
Microsoft Teams voice calls abused to push Matanbuchus malware The Matanbuchus malware loader has been seen being distributed through social engineering over Microsoft Teams calls impersonating IT helpdesk. […] Bill Toulas Go to bleepingcomputer
-
Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices
Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices Google has filed a lawsuit against the anonymous operators of the Android BadBox 2.0 malware botnet, accusing them of running a global ad fraud scheme against the company’s advertising platforms. […] Lawrence Abrams Go to bleepingcomputer
-
Co-op confirms data of 6.5 million members stolen in cyberattack
Co-op confirms data of 6.5 million members stolen in cyberattack UK retailer Co-op has confirmed that personal data of 6.5 million members was stolen in the massive cyberattack in April that shut down systems and caused food shortages in its grocery stores. […] Lawrence Abrams Go to bleepingcomputer
-
U.S. Army soldier pleads guilty to extorting 10 tech, telecom firms
U.S. Army soldier pleads guilty to extorting 10 tech, telecom firms A 21-year-old former U.S. Army soldier pleaded guilty to charges of hacking and extorting at least ten telecommunications and technology companies in the country. […] Bill Toulas Go to bleepingcomputer
-
Louis Vuitton says regional data breaches tied to same cyberattack
Louis Vuitton says regional data breaches tied to same cyberattack Luxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and Turkey stem from the same security incident, which is believed to be linked to the ShinyHunters extortion group. […] Lawrence Abrams Go to bleepingcomputer
-
Cloudflare says 1.1.1.1 outage not caused by attack or BGP hijack
Cloudflare says 1.1.1.1 outage not caused by attack or BGP hijack To quash speculation of a cyberattack or BGP hijack incident causing the recent 1.1.1.1 Resolver service outage, Cloudflare explains in a post mortem that the incident was caused by an internal misconfiguration. […] Bill Toulas Go to bleepingcomputer
-
SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware
SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware A threat actor has been deploying a previously unseen malware called OVERSTEP that modifies the boot process of fully-patched but no longer supported SonicWall Secure Mobile Access appliances. […] Ionut Ilascu Go to bleepingcomputer
-
Google fixes actively exploited sandbox escape zero day in Chrome
Google fixes actively exploited sandbox escape zero day in Chrome Google has released a security update for Chrome to address half a dozen vulnerabilities, one of them actively exploited by attackers to escape the browser’s sandbox protection. […] Bill Toulas Go to bleepingcomputer
-
Abacus dark web drug market goes offline in suspected exit scam
Abacus dark web drug market goes offline in suspected exit scam Abacus Market, the largest Western darknet marketplace supporting Bitcoin payments, has shut down its public infrastructure in a move suspected to be an exit scam. […] Bill Toulas Go to bleepingcomputer
-
North Korean XORIndex malware hidden in 67 malicious npm packages
North Korean XORIndex malware hidden in 67 malicious npm packages North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. […] Bill Toulas Go to bleepingcomputer
-
UK launches vulnerability research program for external experts
UK launches vulnerability research program for external experts UK’s National Cyber Security Centre (NCSC) has announced a new Vulnerability Research Initiative (VRI) that aims to strengthen relations with external cybersecurity experts. […] Bill Toulas Go to bleepingcomputer
-
Interlock ransomware adopts FileFix method to deliver malware
Interlock ransomware adopts FileFix method to deliver malware Hackers have adopted the new technique called ‘FileFix’ in Interlock ransomware attacks to drop a remote access trojan (RAT) on targeted systems. […] Bill Toulas Go to bleepingcomputer
-
Gigabyte motherboards vulnerable to UEFI malware bypassing Secure Boot
Gigabyte motherboards vulnerable to UEFI malware bypassing Secure Boot Dozens of Gigabyte motherboard models run on UEFI firmware vulnerable to security issues that allow planting bootkit malware that is invisible to the operating system and can survive reinstalls. […] Bill Toulas Go to bleepingcomputer
-
Malicious VSCode extension in Cursor IDE led to $500K crypto theft
Malicious VSCode extension in Cursor IDE led to $500K crypto theft A fake extension for the Cursor AI IDE code editor infected devices with remote access tools and infostealers, which, in one case, led to the theft of $500,000 in cryptocurrency from a Russian crypto developer. […] Lawrence Abrams Go to bleepingcomputer
-
Google Gemini flaw hijacks email summaries for phishing
Google Gemini flaw hijacks email summaries for phishing Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links. […] Bill Toulas Go to bleepingcomputer
-
Hackers are exploiting critical RCE flaw in Wing FTP Server
Hackers are exploiting critical RCE flaw in Wing FTP Server Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public. […] Bill Toulas Go to bleepingcomputer
-
‘123456’ password exposed chats for 64 million McDonald’s job chatbot applications
‘123456’ password exposed chats for 64 million McDonald’s job chatbot applications Cybersecurity researchers discovered a vulnerability in McHire, McDonald’s chatbot job application platform, that exposed the chats of more than 64 million job applications across the United States. […] Lawrence Abrams Go to bleepingcomputer
-
‘123456’ password exposed chats for 64 million McDonald’s job applicants
‘123456’ password exposed chats for 64 million McDonald’s job applicants Cybersecurity researchers discovered a vulnerability in McHire, McDonald’s chatbot job application platform, that exposed the chats of more than 64 million job applicants across the United States. […] Lawrence Abrams Go to bleepingcomputer
-
Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now
Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to achieve pre-authenticated remote code execution on vulnerable servers. […] Lawrence Abrams Go to bleepingcomputer
-
WordPress Gravity Forms developer hacked to push backdoored plugins
WordPress Gravity Forms developer hacked to push backdoored plugins The popular WordPress plugin Gravity Forms has been compromised in what seems to be a supply-chain attack where manual installers from the official website were infected with a backdoor. […] Bill Toulas Go to bleepingcomputer
-
NVIDIA shares guidance to defend GDDR6 GPUs against Rowhammer attacks
NVIDIA shares guidance to defend GDDR6 GPUs against Rowhammer attacks NVIDIA is warning users to activate System Level Error-Correcting Code mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory. […] Bill Toulas Go to bleepingcomputer
-
The zero-day that could’ve compromised every Cursor and Windsurf user
The zero-day that could’ve compromised every Cursor and Windsurf user Learn how one overlooked flaw in OpenVSX discovered by Koi Security could’ve let attackers hijack millions of dev machines via an extension supply chain attack. The zero-day threat’s been patched—but the wake-up call is clear: extensions are a new, massive supply chain risk. […] Sponsored…
-
Windows 11 now uses JScript9Legacy engine for improved security
Windows 11 now uses JScript9Legacy engine for improved security Microsoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later. […] Bill Toulas Go to bleepingcomputer
-
Russian pro basketball player arrested for alleged role in ransomware attacks
Russian pro basketball player arrested for alleged role in ransomware attacks Russian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States for allegedly acting as a negotiator for a ransomware gang. […] Lawrence Abrams Go to bleepingcomputer
-
PerfektBlue Bluetooth flaws impact Mercedes, Volkswagen, Skoda cars
PerfektBlue Bluetooth flaws impact Mercedes, Volkswagen, Skoda cars Four vulnerabilities dubbed PerfektBlue and affecting the BlueSDK Bluetooth stack from OpenSynergy can be exploited to achieve remote code execution and potentially allow access to critical elements in vehicles from multiple vendors, including Mercedes-Benz AG, Volkswagen, and Skoda. […] Bill Toulas Go to bleepingcomputer
-
FBI’s CJIS demystified: Best practices for passwords, MFA & access control
FBI’s CJIS demystified: Best practices for passwords, MFA & access control FBI’s Criminal Justice Information Services (CJIS) compliance isn’t optional when handling law enforcement data. From MFA to password hygiene, see how Specops Software helps meet FBI standards while also securing your Windows Active Directory. […] Sponsored by Specops Software Go to bleepingcomputer
-
Four arrested in UK over M&S, Co-op, Harrods cyberattacks
Four arrested in UK over M&S, Co-op, Harrods cyberattacks The UK’s National Crime Agency (NCA) arrested four people suspected of being involved in cyberattacks on major retailers in the country, including Marks & Spencer, Co-op, and Harrods. […] Bill Toulas Go to bleepingcomputer
-
Microsoft Authenticator on iOS moves backups fully to iCloud
Microsoft Authenticator on iOS moves backups fully to iCloud Microsoft is rolling out a new backup system in September for its Authenticator app on iOS, removing the requirement to use a Microsoft personal account to back up TOTP secrets and account names. […] Lawrence Abrams Go to bleepingcomputer
-
Qantas confirms data breach impacts 5.7 million customers
Qantas confirms data breach impacts 5.7 million customers Australian airline Qantas has confirmed that 5.7 million people have been impacted by a recent data breach, in which threat actors stole customers’ data. […] Lawrence Abrams Go to bleepingcomputer
-
Google reveals details on Android’s Advanced Protection for Chrome
Google reveals details on Android’s Advanced Protection for Chrome Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements. […] Bill Toulas Go to bleepingcomputer
-
Bitcoin Depot breach exposes data of nearly 27,000 crypto users
Bitcoin Depot breach exposes data of nearly 27,000 crypto users Bitcoin Depot, an operator of Bitcoin ATMs, is notifying customers of a data breach incident that has exposed their sensitive information. […] Bill Toulas Go to bleepingcomputer
-
Samsung announces major security enhancements coming to One UI 8
Samsung announces major security enhancements coming to One UI 8 Samsung has announced multiple data security and privacy enhancements for its upcoming Galaxy smartphones running One UI 8, its custom user interface on top of Android. […] Bill Toulas Go to bleepingcomputer
-
M&S confirms social engineering led to massive ransomware attack
M&S confirms social engineering led to massive ransomware attack M&S confirmed today that the retail outlet’s network was initially breached in a “sophisticated impersonation attack” that ultimately led to a DragonForce ransomware attack. […] Lawrence Abrams Go to bleepingcomputer
-
New Android TapTrap attack fools users with invisible UI trick
New Android TapTrap attack fools users with invisible UI trick A novel tapjacking technique can exploit user interface animations to bypass Android’s permission system and allow access to sensitive data or trick users into performing destructive actions, such as wiping the device. […] Bill Toulas Go to bleepingcomputer
-
Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage
Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage A Chinese national was arrested in Milan, Italy, last week for allegedly being linked to the state-sponsored Silk Typhoon hacking group, which is responsible for cyberattacks against American organizations and government agencies. […] Lawrence Abrams Go to bleepingcomputer
-
Public exploits released for Citrix Bleed 2 NetScaler flaw, patch now
Public exploits released for Citrix Bleed 2 NetScaler flaw, patch now Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens. […] Lawrence Abrams Go to bleepingcomputer
-
Employee gets $920 for credentials used in $140 million bank heist
Employee gets $920 for credentials used in $140 million bank heist Hackers stole nearly $140 million from six banks in Brazil by using an employee’s credentials from C&M, a company that offers financial connectivity solutions. […] Bill Toulas Go to bleepingcomputer
-
Atomic macOS infostealer adds backdoor for persistent attacks
Atomic macOS infostealer adds backdoor for persistent attacks A malware analyst discovered a new version of the Atomic macOS info-stealer (also known as ‘AMOS’) that comes with a backdoor, to give attackers persistent access to compromised systems. […] Bill Toulas Go to bleepingcomputer
-
Qantas is being extorted in recent data-theft cyberattack
Qantas is being extorted in recent data-theft cyberattack Qantas has confirmed that it is now being extorted by threat actors following a cyberattack that potentially exposed the data for 6 million customers. […] Lawrence Abrams Go to bleepingcomputer
-
Ingram Micro outage caused by SafePay ransomware attack
Ingram Micro outage caused by SafePay ransomware attack An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned. […] Lawrence Abrams Go to bleepingcomputer
-
Ingram Micro suffers global outage as internal systems inaccessible
Ingram Micro suffers global outage as internal systems inaccessible IT giant Ingram Micro is experiencing a global outage that is impacting its websites and internal systems, with customers concerned that it may be a cyberattack as the company remains silent on the cause of the issues. […] Lawrence Abrams Go to bleepingcomputer
-
Hacker leaks Telefónica data allegedly stolen in a new breach
Hacker leaks Telefónica data allegedly stolen in a new breach A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge. […] Ionut Ilascu Go to bleepingcomputer
-
Grafana releases critical security update for Image Renderer plugin
Grafana releases critical security update for Image Renderer plugin Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. […] Bill Toulas Go to bleepingcomputer
-
IdeaLab confirms data stolen in ransomware attack last year
IdeaLab confirms data stolen in ransomware attack last year IdeaLab is notifying individuals impacted by a data breach incident last October when hackers accessed sensitive information. […] Bill Toulas Go to bleepingcomputer
-
Microsoft asks users to ignore Windows Firewall config errors
Microsoft asks users to ignore Windows Firewall config errors Microsoft asked customers this week to disregard incorrect Windows Firewall errors that appear after rebooting their systems following the installation of the June 2025 preview update. […] Sergiu Gatlan Go to bleepingcomputer
-
NimDoor crypto-theft macOS malware revives itself when killed
NimDoor crypto-theft macOS malware revives itself when killed North Korean state-backed hackers have been using a new family of macOS malware called NimDoor in a campaign that targets web3 and cryptocurrency organizations. […] Bill Toulas Go to bleepingcomputer
-
DOJ investigates ex-ransomware negotiator over extortion kickbacks
DOJ investigates ex-ransomware negotiator over extortion kickbacks An ex-ransomware negotiator is under criminal investigation by the Department of Justice for allegedly working with ransomware gangs to profit from extortion payment deals. […] Lawrence Abrams Go to bleepingcomputer
-
Spain arrests hackers who targeted politicians and journalists
Spain arrests hackers who targeted politicians and journalists The Spanish police have arrested two individuals in the province of Las Palmas for their alleged involvement in cybercriminal activity, including data theft from the country’s government. […] Bill Toulas Go to bleepingcomputer
-
Cisco warns that Unified CM has hardcoded root SSH credentials
Cisco warns that Unified CM has hardcoded root SSH credentials Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges. […] Sergiu Gatlan Go to bleepingcomputer
-
Qantas discloses cyberattack amid Scattered Spider aviation breaches
Qantas discloses cyberattack amid Scattered Spider aviation breaches Australian airline Qantas disclosed that it detected a cyberattack on Monday after threat actors gained access to a third-party platform containing customer data. […] Lawrence Abrams Go to bleepingcomputer
-
AT&T rolls out “Wireless Lock” feature to block SIM swap attacks
AT&T rolls out “Wireless Lock” feature to block SIM swap attacks AT&T has launched a new security feature called “Wireless Lock” that protects customers from SIM swapping attacks by preventing changes to their account information and the porting of phone numbers while the feature is enabled. […] Lawrence Abrams Go to bleepingcomputer
-
Microsoft open-sources VS Code Copilot Chat extension on GitHub
Microsoft open-sources VS Code Copilot Chat extension on GitHub Microsoft has released the source code for the GitHub Copilot Chat extension for VS Code under the MIT license. […] Bill Toulas Go to bleepingcomputer
-
Kelly Benefits says 2024 data breach impacts 550,000 customers
Kelly Benefits says 2024 data breach impacts 550,000 customers Kelly & Associates Insurance Group (dba Kelly Benefits) is informing more than half a million people of a data breach that compromised their personal information. […] Bill Toulas Go to bleepingcomputer
-
Aeza Group sanctioned for hosting ransomware, infostealer servers
Aeza Group sanctioned for hosting ransomware, infostealer servers The U.S. Department of the Treasury has sanctioned Russian hosting company Aeza Group and four operators for allegedly acting as a bulletproof hosting company for ransomware gangs, infostealer operations, darknet drug markets, and Russian disinformation campaigns. […] Lawrence Abrams Go to bleepingcomputer
-
U.S. warns of Iranian cyber threats on critical infrastructure
U.S. warns of Iranian cyber threats on critical infrastructure U.S. cyber agencies, the FBI, and NSA issued an urgent warning today about potential cyberattacks from Iranian-affiliated hackers targeting U.S. critical infrastructure. […] Lawrence Abrams Go to bleepingcomputer
-
Germany asks Google, Apple to remove DeepSeek AI from app stores
Germany asks Google, Apple to remove DeepSeek AI from app stores The Berlin Commissioner for Data Protection has formally requested Google and Apple to remove the DeepSeek AI application from the application stores due to GDPR violations. […] Bill Toulas Go to bleepingcomputer
-
Microsoft Defender for Office 365 now blocks email bombing attacks
Microsoft Defender for Office 365 now blocks email bombing attacks Microsoft says its Defender for Office 365 cloud-based email security suite will now automatically detect and block email bombing attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
Switzerland says government data stolen in ransomware attack
Switzerland says government data stolen in ransomware attack The government in Switzerland says that sensitive information from various federal offices has been impacted by a ransomware attack at the third-party organization Radix. […] Bill Toulas Go to bleepingcomputer
-
Hikvision Canada ordered to cease operations over security risks
Hikvision Canada ordered to cease operations over security risks The Canadian government has ordered Hikvision’s subsidiary in the country to cease all operations following a review that determined them to pose a national security risk. […] Bill Toulas Go to bleepingcomputer
-
Bluetooth flaws could let hackers spy through your microphone
Bluetooth flaws could let hackers spy through your microphone Vulnerabilities affecting a Bluetooth chipset present in more than two dozen audio devices from ten vendors can be exploited for eavesdropping or stealing sensitive information. […] Ionut Ilascu Go to bleepingcomputer
-
Cloudflare open-sources Orange Meets with End-to-End encryption
Cloudflare open-sources Orange Meets with End-to-End encryption Cloudflare has implemented end-to-end encryption (E2EE) in its video calling app Orange Meets and open-sourced the solution for transparency. […] Bill Toulas Go to bleepingcomputer
-
Let’s Encrypt ends certificate expiry emails to cut costs, boost privacy
Let’s Encrypt ends certificate expiry emails to cut costs, boost privacy Let’s Encrypt has announced it will no longer notify users about imminent certificate expirations via email due to high costs, privacy concerns, and unnecessary complexities. […] Bill Toulas Go to bleepingcomputer
-
Scattered Spider hackers shift focus to aviation, transportation firms
Scattered Spider hackers shift focus to aviation, transportation firms Hackers associated with Scattered Spider tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors. […] Lawrence Abrams Go to bleepingcomputer
-
Citrix Bleed 2 flaw now believed to be exploited in attacks
Citrix Bleed 2 flaw now believed to be exploited in attacks A critical NetScaler ADC and Gateway vulnerability dubbed “Citrix Bleed 2” (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, which is seeing an increase in suspicious sessions on Citrix devices. […] Bill Toulas Go to bleepingcomputer
-
Retail giant Ahold Delhaize says data breach affects 2.2 million people
Retail giant Ahold Delhaize says data breach affects 2.2 million people Ahold Delhaize, one of the world’s largest food retail chains, is notifying over 2.2 million individuals that their personal, financial, and health information was stolen in a November ransomware attack that impacted its U.S. systems. […] Sergiu Gatlan Go to bleepingcomputer
-
Whole Foods supplier UNFI restores core systems after cyberattack
Whole Foods supplier UNFI restores core systems after cyberattack American grocery wholesale giant United Natural Foods (UNFI) reports that it has restored its core systems and brought online the electronic ordering and invoicing systems affected by a cyberattack. […] Sergiu Gatlan Go to bleepingcomputer
-
Hawaiian Airlines discloses cyberattack, flights not affected
Hawaiian Airlines discloses cyberattack, flights not affected Hawaiian Airlines, the tenth-largest commercial airline in the United States, is investigating a cyberattack that has disrupted access to some of its systems. […] Sergiu Gatlan Go to bleepingcomputer
-
CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks
CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks CISA says a maximum severity vulnerability in AMI’s MegaRAC Baseboard Management Controller (BMC) software, which enables attackers to hijack and brick servers, is currently under active exploitation. […] Sergiu Gatlan Go to bleepingcomputer
-
Hacker ‘IntelBroker’ charged in US for global data theft breaches
Hacker ‘IntelBroker’ charged in US for global data theft breaches A British national known online as “IntelBroker” has been charged by the U.S. for stealing and selling sensitive data from dozens of victims, causing an estimated $25 million in damages. […] Lawrence Abrams Go to bleepingcomputer
-
Hackers turn ScreenConnect into malware using Authenticode stuffing
Hackers turn ScreenConnect into malware using Authenticode stuffing Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client’s Authenticode signature. […] Lawrence Abrams Go to bleepingcomputer
-
Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks
Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks A sophisticated malicious campaign that researchers call OneClik has been leveraging Microsoft’s ClickOnce software deployment tool and custom Golang backdoors to compromise organizations within the energy, oil, and gas sectors. […] Ionut Ilascu Go to bleepingcomputer
-
SonicWall warns of trojanized NetExtender stealing VPN logins
SonicWall warns of trojanized NetExtender stealing VPN logins SonicWall is warning customers that threat actors are distributing a trojanized version of its NetExtender SSL VPN client used to steal VPN credentials. […] Bill Toulas Go to bleepingcomputer
-
APT28 hackers use Signal chats to launch new malware attacks on Ukraine
APT28 hackers use Signal chats to launch new malware attacks on Ukraine The Russian state-sponsored threat group APT28 is using Signal chats to target government targets in Ukraine with two previously undocumented malware families named BeardShell and SlimAgent. […] Bill Toulas Go to bleepingcomputer
-
Malware on Google Play, Apple App Store stole your photos—and crypto
Malware on Google Play, Apple App Store stole your photos—and crypto A new mobile crypto-stealing malware called SparkKitty was found in apps on Google Play and the Apple App Store, targeting Android and iOS devices. […] Bill Toulas Go to bleepingcomputer
-
US Homeland Security warns of escalating Iranian cyberattack risks
US Homeland Security warns of escalating Iranian cyberattack risks The U.S. Department of Homeland Security (DHS) warned over the weekend of escalating cyberattack risks by Iran-backed hacking groups and pro-Iranian hacktivists. […] Sergiu Gatlan Go to bleepingcomputer
-
Canada says Salt Typhoon hacked telecom firm via Cisco flaw
Canada says Salt Typhoon hacked telecom firm via Cisco flaw The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored ‘Salt Typhoon’ hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February. […] Bill Toulas Go to bleepingcomputer
-
Revil ransomware members released after time served on carding charges
Revil ransomware members released after time served on carding charges Four REvil ransomware members arrested in January 2022 were released by Russia on time served after they pleaded guilty to carding and malware distribution charges. […] Sergiu Gatlan Go to bleepingcomputer
-
CoinMarketCap briefly hacked to drain crypto wallets via fake Web3 popup
CoinMarketCap briefly hacked to drain crypto wallets via fake Web3 popup CoinMarketCap, the popular cryptocurrency price tracking site, suffered a website supply chain attack that exposed site visitors to a wallet drainer campaign to steal visitors’ crypto. […] Lawrence Abrams Go to bleepingcomputer
-
Oxford City Council suffers breach exposing two decades of data
Oxford City Council suffers breach exposing two decades of data Oxford City Council warns it suffered a data breach where attackers accessed personally identifiable information from legacy systems. […] Bill Toulas Go to bleepingcomputer
-
Russian hackers bypass Gmail MFA using stolen app passwords
Russian hackers bypass Gmail MFA using stolen app passwords Russian hackers bypass multi-factor authentication and access Gmail accounts by leveraging app-specific passwords in advanced social engineering attacks that impersonate U.S. Department of State officials. […] Ionut Ilascu Go to bleepingcomputer
-
WordPress Motors theme flaw mass-exploited to hijack admin accounts
WordPress Motors theme flaw mass-exploited to hijack admin accounts Hackers are exploiting a critical privilege escalation vulnerability in the WordPress theme “Motors” to hijack administrator accounts and gain complete control of a targeted site. […] Bill Toulas Go to bleepingcomputer
-
BitoPro exchange links Lazarus hackers to $11 million crypto heist
BitoPro exchange links Lazarus hackers to $11 million crypto heist The Taiwanese cryptocurrency exchange BitoPro claims the North Korean hacking group Lazarus is behind a cyberattack that led to the theft of $11,000,000 worth of cryptocurrency on May 8, 2025. […] Bill Toulas Go to bleepingcomputer
-
Cloudflare blocks record 7.3 Tbps DDoS attack against hosting provider
Cloudflare blocks record 7.3 Tbps DDoS attack against hosting provider Cloudflare says it mitigated a record-breaking distributed denial of service (DDoS) attack in May 2025 that peaked at 7.3 Tbps, targeting a hosting provider. […] Bill Toulas Go to bleepingcomputer
-
Aflac discloses breach amidst Scattered Spider insurance attacks
Aflac discloses breach amidst Scattered Spider insurance attacks On Friday, American insurance giant Aflac disclosed that its systems were breached in a broader campaign targeting insurance companies across the United States by attackers who may have stolen personal and health information. […] Sergiu Gatlan Go to bleepingcomputer
-
Can users reset their own passwords without sacrificing security?
Self-service password resets (SSPR) reduce helpdesk strain—but without strong security, they can open the door to attackers. Learn why phishing-resistant MFA, context-aware verification, and risk-based detection are critical to secure SSPR implementation. […] Sponsored by Specops Software
-
No, the 16 billion credentials leak is not a new data breach
News broke today of a “mother of all breaches,” sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks. […] Lawrence Abrams…
-
Godfather Android malware now uses virtualization to hijack banking apps
A new version of the Android malware “Godfather” creates isolated virtual environments on mobile devices to steal account data and transactions from legitimate banking apps. […] Bill Toulas
-
Webinar: Stolen credentials are the new front door to your network
Cybercriminals no longer need zero-days to breach your systems—these days, they just log in. Join BleepingComputer, SC Media, and Specops Software’s Darren Siegel on July 9 at 2:00 PM ET for a live webinar on how attackers are using stolen credentials to infiltrate networks…
-
US recovers $225 million of crypto stolen in investment scams
The U.S. Department of Justice has seized more than $225 million in cryptocurrency linked to investment fraud and money laundering operations, the largest crypto seizure in the history of the U.S. Secret Service. […] Bill Toulas
-
Krispy Kreme says November data breach impacts over 160,000 people
U.S. doughnut chain Krispy Kreme confirmed that attackers stole the personal information of over 160,000 individuals in a November 2024 cyberattack. […] Sergiu Gatlan
-
Ryuk ransomware’s initial access expert extradited to the U.S.
A member of the notorious Ryuk ransomware operation who specialized in gaining initial access to corporate networks has been extradited to the United States. […] Bill Toulas
-
Pro-Israel hackers hit Iran’s Nobitex exchange, burn $90M in crypto
The pro-Israel “Predatory Sparrow” hacking group claims to have stolen over $90 million in cryptocurrency from Nobitex, Iran’s largest crypto exchange, and burned the funds in a politically motivated cyberattack. […] Lawrence Abrams
-
North Korean hackers deepfake execs in Zoom call to spread Mac malware
North Korean advanced persistent threat (APT) ‘BlueNoroff’ (aka ‘Sapphire Sleet’ or ‘TA444’) are using deepfake company executives during fake Zoom calls to trick employees into installing custom malware on their computers. […] Bill Toulas
-
New Linux udisks flaw lets attackers get root on major Linux distros
Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions. […] Sergiu Gatlan
-
Asana warns MCP AI feature exposed customer data to other orgs
Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users and vice versa. […] Bill Toulas