Category: Security
-
Paddle settles for $5 million over facilitating tech support scams
Paddle.com and its U.S. subsidiary will pay $5 million to settle Federal Trade Commission (FTC) allegations that the company facilitated deceptive tech-support schemes that harmed many U.S. consumers, including older adults. […] Bill Toulas Go to bleepingcomputer
-
Scania confirms insurance claim data breach in extortion attempt
Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its systems and steal insurance claim documents. […] Bill Toulas
-
Instagram ‘BMO’ ads use AI deepfakes to scam banking customers
Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud. Some ads use AI-powered deepfake videos in an attempt to collect your personal information, while others drive…
-
Hackers switch to targeting U.S. insurance companies
Threat intelligence researchers are warning of hackers breaching multiple U.S. companies in the insurance industry using all the tactics observed with Scattered Spider activity. […] Ionut Ilascu
-
ASUS Armoury Crate bug lets attackers get Windows admin privileges
A high-severity vulnerability in ASUS Armoury Crate software could allow threat actors to escalate their privileges to SYSTEM level on Windows machines. […] Bill Toulas
-
Washington Post’s email system hacked, journalists’ accounts compromised
Email accounts of several Washington Post journalists were compromised in a cyberattack believed to have been carried out by a foreign government. […] Bill Toulas
-
Kali Linux 2025.2 released with 13 new tools, car hacking updates
Kali Linux 2025.2, the second release of the year, is now available for download with 13 new tools and an expanded car hacking toolkit. […] Sergiu Gatlan
-
Zoomcar discloses security breach impacting 8.4 million users
Zoomcar Holdings (Zoomcar) has disclosed via an 8-K form filing with the U.S. Securities and Exchange Commission (SEC) a data breach incident impacting 8.4 million users. […] Bill Toulas
-
Microsoft: June Windows Server security updates cause DHCP issues
Microsoft acknowledged a new issue caused by the June 2025 security updates, causing the DHCP service to freeze on some Windows Server systems. […] Sergiu Gatlan
-
Over 46,000 Grafana instances exposed to account takeover bug
More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover. […] Bill Toulas
-
WestJet investigates cyberattack disrupting internal systems
WestJet, Canada’s second-largest airline, is investigating a cyberattack that has disrupted access to some internal systems as it responds to the breach. […] Lawrence Abrams
-
Anubis ransomware adds wiper to destroy files beyond recovery
Bill Toulas
-
Discord flaw lets hackers reuse expired invites in malware campaign
Hackers are hijacking expired or deleted Discord invite links to redirect users to malicious sites that deliver remote access trojans and information-stealing malware. […] Bill Toulas
-
Victoria’s Secret restores critical systems after cyberattack
Victoria’s Secret has restored all critical systems impacted by a May 24 security incident that forced it to shut down corporate systems and the e-commerce website. […] Sergiu Gatlan
-
Trend Micro fixes critical vulnerabilities in multiple products
Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. […] Bill Toulas
-
Graphite spyware used in Apple iOS zero-click attacks on journalists
Forensic investigation has confirmed the use of Paragon’s Graphite spyware platform in zero-click attacks that targeted Apple iOS devices of at least two journalists in Europe. […] Bill Toulas
-
Password-spraying attacks target 80,000 Microsoft Entra ID accounts
Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide. […] Bill Toulas
-
Microsoft Edge now offers secure password deployment for businesses
Microsoft announced that a new Edge feature allowing employees to share passwords more securely in enterprise environments has reached general availability. […] Sergiu Gatlan
-
Fog ransomware attack uses unusual mix of legitimate and open-source tools
Fog ransomware hackers are using an uncommon toolset, which includes open-source pentesting utilities and a legitimate employee monitoring software called Syteca. […] Bill Toulas
-
SmartAttack uses smartwatches to steal data from air-gapped systems
A new attack dubbed ‘SmartAttack’ uses smartwatches as a covert ultrasonic signal receiver to exfiltrate data from physically isolated (air-gapped) systems. […] Bill Toulas
-
Erie Insurance confirms cyberattack behind business disruptions
Erie Insurance and Erie Indemnity Company have disclosed that a weekend cyberattack is behind the recent business disruptions and platform outages on its website. […] Lawrence Abrams
-
Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot
A new attack dubbed ‘EchoLeak’ is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user’s context without interaction. […] Bill Toulas
-
DanaBot malware operators exposed via C2 bug added in 2022
A vulnerability in the DanaBot malware operation introduced in a June 2022 update led to the identification, indictment, and dismantling of their operations in a recent law enforcement action. […] Bill Toulas
-
ConnectWise rotating code signing certificates over security concerns
ConnectWise is warning customers that it is rotating the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over security concerns. […] Bill Toulas
-
New Secure Boot flaw lets attackers install bootkit malware, patch now
Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware. […] Lawrence Abrams
-
Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws
Today is Microsoft’s June 2025 Patch Tuesday, which includes security updates for 66 flaws, including one actively exploited vulnerability and another that was publicly disclosed. […] Lawrence Abrams
-
Stolen Ticketmaster data from Snowflake attacks briefly for sale again
The Arkana Security extortion gang briefly listed over the weekend what appeared to be newly stolen Ticketmaster data but is instead the data stolen during the 2024 Snowflake data theft attacks. […] Lawrence Abrams
-
Over 84,000 Roundcube instances vulnerable to actively exploited flaw
Over 84,000 instances of the Roundcube webmail software are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) vulnerability with a publicly available exploit. […] Bill Toulas
-
Google patched bug leaking phone numbers tied to accounts
A vulnerability allowed researchers to brute-force any Google account’s recovery phone number simply by knowing their profile name and an easily retrieved partial phone number, creating a massive risk for phishing and SIM-swapping attacks. […] Bill Toulas
-
SentinelOne shares new details on China-linked breach attempt
SentinelOne has shared more details on an attempted supply chain attack by Chinese hackers through an IT services and logistics firm that manages hardware logistics for the cybersecurity firm. […] Bill Toulas
-
New Mirai botnet infect TBK DVR devices via command injection flaw
A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. […] Bill Toulas
-
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). […] Lawrence Abrams
-
Malicious npm packages posing as utilities delete project directories
Two malicious packages have been discovered in the npm JavaScript package index, which masquerade as useful utilities but, in reality, are destructive data wipers that delete entire application directories. […] Bill Toulas
-
Microsoft shares script to restore inetpub folder you shouldn’t delete
Microsoft has released a PowerShell script to help restore an empty ‘inetpub’ folder created by the April 2025 Windows security updates if deleted. As Microsoft previously warned, this folder helps mitigate a high-severity Windows Process Activation privilege escalation vulnerability. […] Sergiu Gatlan
-
Tax resolution firm Optima Tax Relief hit by ransomware, data leaked
U.S. tax resolution firm Optima Tax Relief suffered a Chaos ransomware attack, with the threat actors now leaking data stolen from the company. […] Lawrence Abrams
-
Kettering Health confirms Interlock ransomware behind cyberattack
Healthcare giant Kettering Health, which manages 14 medical centers in Ohio, confirmed that the Interlock ransomware group breached its network and stole data in a May cyberattack. […] Sergiu Gatlan
-
New PathWiper data wiper malware hits critical infrastructure in Ukraine
A new data wiper malware named ‘PathWiper’ is being used in targeted attacks against critical infrastructure in Ukraine, aimed at disrupting operations in the country. […] Bill Toulas
-
Critical Fortinet flaws now exploited in Qilin ransomware attacks
The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. […] Sergiu Gatlan
-
Police arrests 20 suspects for distributing child sexual abuse content
Law enforcement authorities from over a dozen countries have arrested 20 suspects in an international operation targeting the production and distribution of child sexual abuse material. […] Sergiu Gatlan
-
FBI: BADBOX 2.0 Android malware infects millions of consumer devices
The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. […] Lawrence Abrams
-
Old AT&T data leak repackaged to link SSNs, DOBs to 49M phone numbers
A threat actor has re-released data from a 2021 AT&T breach affecting 70 million customers, this time combining previously separate files to directly link Social Security numbers and birth dates to individual users. […] Lawrence Abrams
-
ViLE gang members sentenced for extortion, police portal breach
Two members of a group of cybercriminals named ViLE were sentenced this week for hacking into a federal law enforcement web portal in an extortion scheme. […] Sergiu Gatlan
-
Interlock ransomware claims Kettering Health breach, leaks stolen data
The Interlock ransomware gang has claimed a recent cyberattack on the Kettering Health healthcare network and leaked data allegedly stolen from breached systems. […] Sergiu Gatlan
-
US offers $10M for tips on state hackers tied to RedLine malware
The U.S. Department of State has announced a reward of up to $10 million for any information on government-sponsored hackers with ties to the RedLine infostealer malware operation and its suspected creator, Russian national Maxim Alexandrovich Rudometov. […] Sergiu Gatlan
-
Microsoft unveils free EU cybersecurity program for governments
Microsoft announced in Berlin today a new European Security Program that promises to bolster cybersecurity for European governments. […] Bill Toulas
-
FBI: Play ransomware breached 900 victims, including critical orgs
In an update to a joint advisory with CISA and the Australian Cyber Security Centre, the FBI said that the Play ransomware gang had breached roughly 900 organizations as of May 2025, three times the number of victims reported in October 2023. […] Sergiu Gatlan
-
Hewlett Packard Enterprise warns of critical StoreOnce auth bypass
Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution. […] Bill Toulas
-
Coinbase breach tied to bribed TaskUs support agents in India
A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm TaskUs, who threat actors bribed to steal data from the crypto exchange. […] Bill Toulas
-
Cartier discloses data breach amid fashion brand cyberattacks
Luxury fashion brand Cartier is warning customers it suffered a data breach that exposed customers’ personal information after its systems were compromised. […] Lawrence Abrams
-
The North Face warns customers of April credential stuffing attack
Outdoor apparel retailer The North Face is warning customers that their personal information was stolen in credential stuffing attacks targeting the company’s website in April. […] Bill Toulas
-
SentinelOne: Last week’s 7-hour outage caused by software flaw
American cybersecurity company SentinelOne revealed over the weekend that a software flaw triggered a seven-hour-long outage on Thursday. […] Sergiu Gatlan
-
Google Chrome to distrust Chunghwa Telecom, Netlock certificates in August
Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. […] Bill Toulas
-
Microsoft and CrowdStrike partner to link hacking group names
Microsoft and CrowdStrike announced today that they’ve partnered to connect the aliases used for specific threat groups without actually using a single naming standard. […] Sergiu Gatlan
-
Exploit details for max severity Cisco IOS XE flaw now public
Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. […] Bill Toulas
-
Hackers are exploiting critical flaw in vBulletin forum software
Two critical vulnerabilities affecting the open-source forum software vBulletin have been discovered, with one confirmed to be actively exploited in the wild. […] Bill Toulas
-
Police takes down AVCheck site used by cybercriminals to scan malware
An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in the wild. […] Bill Toulas
-
Germany doxxes Conti ransomware and TrickBot ring leader
The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) claims that Stern, the leader of the Trickbot and Conti cybercrime gangs, is a 36-year-old Russian named Vitaly Nikolaevich Kovalev. […] Sergiu Gatlan
-
Getting Exposure Management Right: Insights from 500 CISOs
Pentesting isn’t just about finding flaws — it’s about knowing which ones matter. Pentera’s 2025 State of Pentesting report uncovers which assets attackers target most, where security teams are making progress, and which exposures still fly under the radar. Focus on reducing breach impact, not just breach…
-
Microsoft Authenticator now warns to export passwords before July cutoff
The Microsoft Authenticator app is now issuing notifications warning that the password autofill feature is being deprecated in July, suggesting users move to Microsoft Edge instead. […] Lawrence Abrams
-
ConnectWise breached in cyberattack linked to nation-state hackers
IT management software firm ConnectWise says a suspected state-sponsored cyberattack breached its environment and impacted a limited number of ScreenConnect customers. […] Lawrence Abrams
-
Threat actors abuse Google Apps Script in evasive phishing attacks
Threat actors are abusing the trusted Google platform ‘Google Apps Script’ to host phishing pages, making them appear legitimate and eliminating the risk of them getting flagged by security tools. […] Bill Toulas
-
Apple Safari exposes users to fullscreen browser-in-the-middle attacks
A weakness in Apple’s Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users. […] Bill Toulas
-
Data broker LexisNexis discloses data breach affecting 364,000 people
Data broker giant LexisNexis Risk Solutions has revealed that unknown attackers stole the personal information of over 364,000 individuals in a December breach. […] Sergiu Gatlan
-
APT41 malware abuses Google Calendar for stealthy C2 communication
The Chinese APT41 hacking group uses a new malware named ‘ToughProgress’ that abuses Google Calendar for command-and-control (C2) operations, hiding malicious activity behind a trusted cloud service. […] Bill Toulas
-
DragonForce ransomware abuses SimpleHelp in MSP supply chain attack
The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers’ systems. […] Lawrence Abrams
-
Iranian pleads guilty to RobbinHood ransomware attacks, faces 30 years
An Iranian national has pleaded guilty to participating in the Robbinhood ransomware operation, which was used to breach the networks, steal data, and encrypt devices of U.S. cities and organizations in an attempt to extort millions of dollars over a five-year span. […] Lawrence Abrams
-
Not Every CVE Deserves a Fire Drill: Focus on What’s Exploitable
Not every “critical” vulnerability is a critical risk. Picus Exposure Validation cuts through the noise by testing what’s actually exploitable in your environment — so you can patch what matters. […] Sponsored by Picus Security
-
MATLAB dev confirms ransomware attack behind service outage
MathWorks, a leading developer of mathematical computing and simulation software, has revealed that a recent ransomware attack is behind an ongoing service outage. […] Sergiu Gatlan
-
Russian Laundry Bear cyberspies linked to Dutch Police hack
A previously unknown Russian-backed cyberespionage group now tracked as Laundry Bear has been linked to a September 2024 Dutch police security breach. […] Sergiu Gatlan
-
Adidas warns of data breach after customer service provider hack
German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers’ data. […] Sergiu Gatlan
-
Glitch to end app hosting and user profiles on July 8
Glitch has announced it is ending app hosting and user profiles on July 8, 2025, responding to changing market dynamics and extensive abuse problems that have raised operational costs. […] Bill Toulas
-
Dozens of malicious packages on NPM collect host and network data
60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. […] Bill Toulas
-
Hacker steals $223 million in Cetus Protocol cryptocurrency heist
The decentralized exchange Cetus Protocol announced that hackers have stolen $223 million in cryptocurrency and is offering a deal to stop all legal action if the funds are returned. […] Bill Toulas
-
FBI warns of Luna Moth extortion attacks targeting law firms
The FBI warned that an extortion gang known as the Silent Ransom Group has been targeting U.S. law firms over the last two years in callback phishing and social engineering attacks. […] Sergiu Gatlan
-
TikTok videos now push infostealer malware in ClickFix attacks
Cybercriminals are using TikTok videos to trick users into infecting themselves with Vidar and StealC information-stealing malware in ClickFix attacks. […] Sergiu Gatlan
-
Police takes down 300 servers in ransomware supply-chain crackdown
In the latest phase of Operation Endgame, an international law enforcement operation, national authorities from seven countries seized 300 servers and 650 domains used to launch ransomware attacks. […] Sergiu Gatlan
-
US indicts leader of Qakbot botnet linked to ransomware attacks
The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks. […] Ionut Ilascu
-
Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE
Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. […] Bill Toulas
-
Critical Samlify SSO flaw lets attackers log in as admin
A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses. […] Bill Toulas
-
Russian hackers breach orgs to track aid routes to Ukraine
A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. […] Ionut Ilascu
-
Coinbase says recent data breach impacts 69,461 customers
Coinbase, a cryptocurrency exchange with over 100 million customers, revealed that a recent data breach in which cybercriminals stole customer and corporate data affected 69,461 individuals […] Sergiu Gatlan
-
PowerSchool hacker pleads guilty to student data extortion scheme
A 19-year-old college student from Worcester, Massachusetts, has agreed to plead guilty to a massive cyberattack on PowerSchool that extorted millions of dollars in exchange for not leaking the personal data of millions of students and teachers. […] Lawrence Abrams
-
Mobile carrier Cellcom confirms cyberattack behind extended outages
Wisconsin wireless provider Cellcom has confirmed that a cyberattack is responsible for the widespread service outage and disruptions that began on the evening of May 14, 2025. […] Lawrence Abrams
-
Premium WordPress ‘Motors’ theme vulnerable to admin takeover attacks
A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete control of websites. […] Bill Toulas
-
VanHelsing ransomware builder leaked on hacking forum
The VanHelsing ransomware-as-a-service operation published the source code for its affiliate panel, data leak blog, and Windows encryptor builder after an old developer tried to sell it on the RAMP cybercrime forum. […] Lawrence Abrams
-
Fake KeePass password manager leads to ESXi ransomware attack
Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network. […] Lawrence Abrams
-
O2 UK patches bug leaking mobile user location from call metadata
A flaw in O2 UK’s implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target. […] Bill Toulas
-
Arla Foods confirms cyberattack disrupts production, causes delays
Arla Foods has confirmed to BleepingComputer that it was targeted by a cyberattack that has disrupted its production operations. […] Bill Toulas
-
New ‘Defendnot’ tool tricks Windows into disabling Microsoft Defender
A new tool called ‘Defendnot’ can disable Microsoft Defender on Windows devices by registering a fake antivirus product, even when no real AV is installed. […] Lawrence Abrams
-
Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own
During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. […] Sergiu Gatlan
-
Printer maker Procolored offered malware-laced drivers for months
For at least half a year, the official software supplied with Procolored printers included malware in the form of a remote access trojan and a cryptocurrency stealer. […] Bill Toulas
-
US charges 12 more suspects linked to $230 million crypto theft
Twelve more suspects were charged in a RICO conspiracy for their alleged involvement in the theft of over $230 million in cryptocurrency and laundering the funds using crypto exchanges and mixing services. […] Sergiu Gatlan
-
CISA tags recently patched Chrome bug as actively exploited
On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser. […] Sergiu Gatlan
-
Google fixes high severity Chrome flaw with public exploit
Google has released emergency security updates to patch a high-severity Chrome vulnerability that has a public exploit and can let attackers hijack accounts. […] Sergiu Gatlan
-
Google Chrome to block admin-level browser launches for better security
Google is rolling out a change to Chromium that “de-elevates” Google Chrome so it does not run as an administrator to increase security in Windows. […] Mayank Parmar
-
Hackers behind UK retail attacks now targeting US companies
Google warned today that hackers using Scattered Spider tactics against retail chains in the United Kingdom have also started targeting retailers in the United States. […] Sergiu Gatlan
-
Ransomware gangs join ongoing SAP NetWeaver attacks
Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers. […] Sergiu Gatlan
-
Australian Human Rights Commission leaks docs to search engines
The Australian Human Rights Commission (AHRC) disclosed a data breach incident where private documents leaked online and were indexed by major search engines. […] Bill Toulas
-
SAP patches second zero-day flaw exploited in recent attacks
SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day. […] Sergiu Gatlan
-
North Korea ramps up cyberspying in Ukraine to assess war risk
The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. […] Bill Toulas