Category: Security
-
Twilio denies breach following leak of alleged Steam 2FA codes
Twilio has denied in a statement to BleepingComputer that it was breached after a threat actor claimed to be holding over 89 million Steam user records with one-time access codes. […] Bill Toulas, BleepingComputer
-
Ivanti fixes EPMM zero-days chained in code execution attacks
Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution. […] Sergiu Gatlan, BleepingComputer
-
ASUS DriverHub flaw let malicious sites run commands with admin rights
The ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed. […] Bill Toulas, BleepingComputer
-
Hackers now testing ClickFix attacks against Linux targets
A new campaign employing ClickFix attacks has been spotted targeting both Windows and Linux systems using instructions that make infections on either operating system possible. […] Bill Toulas, BleepingComputer
-
Output Messenger flaw exploited as zero-day in espionage attacks
A Türkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq. […] Sergiu Gatlan, BleepingComputer
-
Moldova arrests suspect linked to DoppelPaymer ransomware attacks
Moldovan authorities have detained a 45-year-old suspect linked to DoppelPaymer ransomware attacks targeting Dutch organizations in 2021. […] Sergiu Gatlan, BleepingComputer
-
Bluetooth 6.1 enhances privacy with randomized RPA timing
The Bluetooth Special Interest Group (SIG) has announced Bluetooth Core Specification 6.1, bringing important improvements to the popular wireless communication protocol. […] Bill Toulas, BleepingComputer
-
iClicker site hack targeted students with malware via fake CAPTCHA
The website of iClicker, a popular student engagement platform, was compromised in a ClickFix attack that used a fake CAPTCHA prompt to trick students and instructors into installing malware on their devices. […] Lawrence Abrams, BleepingComputer
-
Fake AI video generators drop new Noodlophile infostealer malware
Fake AI-powered video generation tools are being used to distribute a new information-stealing malware family called ‘Noodlophile,’ under the guise of generated media content. […] Bill Toulas, BleepingComputer
-
Ascension says recent data breach affects over 430,000 patients
Ascension, one of the largest private healthcare systems in the United States, has revealed that the personal and healthcare information of over 430,000 patients was exposed in a data breach disclosed last month. […] Sergiu Gatlan, BleepingComputer
-
Google Chrome to use on-device AI to detect tech support scams
Google is implementing a new Chrome security feature that uses the built-in ‘Gemini Nano’ large-language model (LLM) to detect and block tech support scams while browsing the web. […] Bill Toulas, BleepingComputer
-
Police dismantles botnet selling hacked routers as residential proxies
Law enforcement authorities have dismantled a botnet that infected thousands of routers over the last 20 years to build two networks of residential proxies known as Anyproxy and 5socks. […] Sergiu Gatlan, BleepingComputer
-
Chinese hackers behind attacks targeting SAP NetWeaver servers
Forescout Vedere Labs security researchers have linked ongoing attacks targeting a maximum severity vulnerability impacting SAP NetWeaver instances to a Chinese threat actor. […] Sergiu Gatlan, BleepingComputer
-
Germany takes down eXch cryptocurrency exchange, seizes servers
The Federal police in Germany (BKA) seized the server infrastructure and shut down the ‘eXch’ cryptocurrency exchange platform for allegedly laundering cybercrime proceeds. […] Bill Toulas, BleepingComputer
-
FBI: End-of-life routers hacked for cybercrime proxy networks
The FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxies sold on the 5Socks and Anyproxy networks. […] Bill Toulas, BleepingComputer
-
Cisco fixes max severity IOS XE flaw letting attackers hijack devices
Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers caused by a hard-coded JSON Web Token (JWT) that allows an unauthenticated remote attacker to take over devices. […] Bill Toulas, BleepingComputer
-
Education giant Pearson hit by cyberattack exposing customer data
Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. […] Lawrence Abrams, BleepingComputer
-
Supply chain attack hits npm package with 45,000 weekly downloads
An npm package named ‘rand-user-agent’ has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user’s system. […] Bill Toulas, BleepingComputer
-
Malicious PyPi package hides RAT malware, targets Discord devs since 2022
A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. […] Sergiu Gatlan, BleepingComputer
-
LockBit ransomware gang hacked, victim negotiations exposed
The LockBit ransomware gang has suffered a data breach after its dark web affiliate panels were defaced and replaced with a message linking to a MySQL database dump. […] Lawrence Abrams, BleepingComputer
-
PowerSchool hacker now extorting individual school districts
PowerSchool is warning that the hacker behind its December cyberattack is now individually extorting schools, threatening to release the previously stolen student and teacher data if a ransom is not paid. […] Lawrence Abrams, BleepingComputer
-
CoGUI phishing platform sent 580 million emails to steal credentials
A new phishing kit named ‘CoGUI’ sent over 580 million emails to targets between January and April 2025, aiming to steal account credentials and payment data. […] Bill Toulas, BleepingComputer
-
Hackers exploit OttoKit WordPress plugin flaw to add admin accounts
Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. […] Bill Toulas, BleepingComputer
-
Play ransomware exploited Windows logging flaw in zero-day attacks
The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. […] Sergiu Gatlan, BleepingComputer
-
Apache Parquet exploit tool detect servers vulnerable to critical flaw
A proof-of-concept exploit tool has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. […] Bill Toulas, BleepingComputer
-
Samsung MagicINFO 9 Server RCE flaw now exploited in attacks
Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware. […] Bill Toulas, BleepingComputer
-
UK Legal Aid Agency investigates cybersecurity incident
The Legal Aid Agency (LAA), an executive agency of the UK’s Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have accessed financial information. […] Sergiu Gatlan, BleepingComputer
-
Critical Langflow RCE flaw exploited to hack AI app servers
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible. […] Bill Toulas, BleepingComputer
-
Linux wiper malware hidden in malicious Go modules on GitHub
A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub. […] Ionut Ilascu, BleepingComputer
-
Luna Moth extortion hackers pose as IT help desks to breach US firms
The data-theft extortion group known as Luna Moth, aka Silent Ransom Group, has ramped up callback phishing campaigns in attacks on legal and financial institutions in the United States. […] Bill Toulas, BleepingComputer
-
New “Bring Your Own Installer” EDR bypass used in ransomware attack
A new “Bring Your Own Installer” EDR bypass technique is exploited in attacks to bypass SentinelOne’s tamper protection feature, allowing threat actors to disable endpoint detection and response (EDR) agents to install the Babuk ransomware. […] Lawrence Abrams, BleepingComputer
-
Microsoft finds default Kubernetes Helm charts can expose data
Microsoft warns about the security risks posed by default configurations in Kubernetes deployments, particularly those using out-of-the-box Helm charts, which could publicly expose sensitive data. […] Bill Toulas, BleepingComputer
-
Passkeys for Normal People
Let me start by very simply explaining the problem we’re trying to solve with passkeys. Imagine you’re logging on to a website like this: And, because you want to protect your account from being logged into by someone else who may obtain your username and password, you’ve turned on two-factor authentication…
-
StealC malware enhanced with stealth upgrades and data theft tools
The creators of StealC, a widely-used information stealer and malware downloader, have released its second major version, bringing multiple stealth and data theft enhancements. […] Bill Toulas, BleepingComputer
-
Microsoft ends Authenticator password autofill, moves users to Edge
Microsoft has announced that it will discontinue the password storage and autofill feature in the Authenticator app starting in July and will complete the deprecation in August 2025. […] Bill Toulas, BleepingComputer
-
Co-op confirms data theft after DragonForce ransomware claims attack
The Co-op cyberattack is far worse than initially reported, with the company now confirming that data was stolen for a significant number of current and past customers. […] Lawrence Abrams, BleepingComputer
-
Magento supply chain attack compromises hundreds of e-stores
A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational. […] Bill Toulas, BleepingComputer
-
US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks
A 36-year-old Yemeni national, who is believed to be the developer and primary operator of ‘Black Kingdom’ ransomware, has been indicted by the United States for conducting 1,500 attacks on Microsoft Exchange servers. […] Bill Toulas, BleepingComputer
-
UK NCSC: Cyberattacks impacting UK retailers are a wake-up call
The United Kingdom’s National Cyber Security Centre warned that ongoing cyberattacks impacting multiple UK retail chains should be taken as a “wake-up call.” […] Sergiu Gatlan, BleepingComputer
-
TikTok fined €530 million for sending European user data to China
The Irish Data Protection Commission (DPC) has fined TikTok €530 million (over $601 million) for illegally transferring the personal data of users in the European Economic Area (EEA) to China, violating the European Union’s GDPR data protection regulations. […] Sergiu Gatlan, BleepingComputer
-
Microsoft makes all new accounts passwordless by default
Microsoft has announced that all new Microsoft accounts will be “passwordless by default” to secure them against password attacks such as phishing, brute force, and credential stuffing. […] Sergiu Gatlan, BleepingComputer
-
Hacker ‘NullBulge’ pleads guilty to stealing Disney’s Slack data
A California man who used the alias “NullBulge” has pleaded guilty to illegally accessing Disney’s internal Slack channels and stealing over 1.1 terabytes of internal company data. […] Lawrence Abrams, BleepingComputer
-
Pro-Russia hacktivists bombard Dutch public orgs with DDoS attacks
Russia-aligned hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions. […] Bill Toulas, BleepingComputer
-
Ukrainian extradited to US for Nefilim ransomware attacks
A Ukrainian national has been extradited from Spain to the United States to face charges over allegedly conducting Nefilim ransomware attacks against companies. […] Lawrence Abrams, BleepingComputer
-
Harrods the next UK retailer targeted in a cyberattack
London’s iconic department store, Harrods, has confirmed it was targeted in a cyberattack, becoming the third major UK retailer to report cyberattacks in a week following incidents at M&S and the Co-op. […] Lawrence Abrams, BleepingComputer
-
Hackers abuse IPv6 networking feature to hijack software updates
A China-aligned APT threat actor named “TheWizards” abuses an IPv6 networking feature to launch adversary-in-the-middle (AitM) attacks that hijack software updates to install Windows malware. […] Lawrence Abrams, BleepingComputer
-
WordPress plugin disguised as a security tool injects backdoor
A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. […] Bill Toulas, BleepingComputer
-
WhatsApp unveils ‘Private Processing’ for cloud-based AI features
WhatsApp has announced the introduction of ‘Private Processing,’ a new technology that enables users to utilize advanced AI features by offloading tasks to privacy-preserving cloud servers. […] Bill Toulas, BleepingComputer
-
SonicWall: SMA100 VPN vulnerabilities now exploited in attacks
Cybersecurity company SonicWall has warned customers that several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks. […] Sergiu Gatlan, BleepingComputer
-
Commvault says recent breach didn’t impact customer backup data
Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment didn’t gain access to customer backup data. […] Sergiu Gatlan, BleepingComputer
-
Microsoft: Windows Server hotpatching to require subscription
Microsoft has announced it will require paid subscriptions for Windows Server 2025 hotpatching, a service that enables admins to install security updates without restarting. […] Sergiu Gatlan, BleepingComputer
-
Hackers ramp up scans for leaked Git tokens and secrets
Threat actors are intensifying internet-wide scanning for Git configuration files that can reveal sensitive secrets and authentication tokens used to compromise cloud services and source code repositories. […] Bill Toulas, BleepingComputer
-
France ties Russian APT28 hackers to 12 cyberattacks on French orgs
Today, the French foreign ministry blamed the APT28 hacking group linked to Russia’s military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years. […] Sergiu Gatlan, BleepingComputer
-
Apple ‘AirBorne’ flaws can lead to zero-click AirPlay RCE attacks
A set of security vulnerabilities in Apple’s AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code execution. […] Sergiu Gatlan, BleepingComputer
-
Marks & Spencer breach linked to Scattered Spider ransomware attack
Ongoing outages at British retail giant Marks & Spencer are caused by a ransomware attack believed to be conducted by a hacking collective known as “Scattered Spider,” BleepingComputer has learned from multiple sources. […] Lawrence Abrams, BleepingComputer
-
Hitachi Vantara takes servers offline after Akira ransomware attack
Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, was forced to take servers offline over the weekend to contain an Akira ransomware attack. […] Sergiu Gatlan, BleepingComputer
-
VeriSource now says February data breach impacts 4 million people
Employee benefits administration firm VeriSource Services is warning that a data breach exposed the personal information of four million people. […] Bill Toulas, BleepingComputer
-
Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw
Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers. […] Bill Toulas, BleepingComputer
-
Kali Linux warns of update failures after losing repo signing key
Offensive Security warned Kali Linux users to manually install a new Kali repository signing key to avoid experiencing update failures. […] Sergiu Gatlan, BleepingComputer
-
Coinbase fixes 2FA log error making people think they were hacked
Coinbase has fixed a confusing bug in its account activity logs that caused users to think their credentials were compromised. […] Lawrence Abrams, BleepingComputer
-
Brave’s Cookiecrumbler tool taps community to help block cookie notices
Brave has open-sourced a new tool called “Cookiecrumbler,” which uses large language models (LLMs) to detect cookie consent notices and then community-driven reviews to block those that won’t break site functionality. […] Bill Toulas, BleepingComputer
-
DragonForce expands ransomware model with white-label branding scheme
The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure. […] Ionut Ilascu, BleepingComputer
-
WooCommerce admins targeted by fake security patches that hijack sites
A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a “critical patch” that adds a WordPress backdoor to the site. […] Bill Toulas, BleepingComputer
-
Craft CMS RCE exploit chain used in zero-day attacks to steal data
Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. […] Lawrence Abrams, BleepingComputer
-
Marks & Spencer pauses online orders after cyberattack
British retail giant Marks & Spencer (M&S) has suspended online orders while working to recover from a recently disclosed cyberattack. […] Sergiu Gatlan, BleepingComputer
-
Mobile provider MTN says cyberattack compromised customer data
African mobile giant MTN Group announced that a cybersecurity incident has compromised the personal information of some of its subscribers in certain countries. […] Bill Toulas, BleepingComputer
-
FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches
The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide. […] Sergiu Gatlan, BleepingComputer
-
Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts
Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. […] Bill Toulas, BleepingComputer
-
Lazarus hackers breach six companies in watering hole attacks
In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. […] Bill Toulas, BleepingComputer
-
Russian army targeted by new Android malware hidden in mapping app
A new Android malware has been discovered hidden inside trojanized versions of the Alpine Quest mapping app, which is reportedly used by Russian soldiers as part of war zone operational planning. […] Bill Toulas, BleepingComputer
-
WhatsApp’s new Advanced Chat Privacy protects sensitive messages
WhatsApp has introduced a new Advanced Chat Privacy feature to protect sensitive information exchanged in private chats and group conversations. […] Sergiu Gatlan, BleepingComputer
-
Blue Shield of California leaked health data of 4.7 million members to Google
Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google’s analytics and advertisement platforms. […] Bill Toulas, BleepingComputer
-
FBI: US lost record $16.6 billion to cybercrime in 2024
The FBI says cybercriminals stole a record $16.6 billion in 2024, marking an increase in losses of over 33% compared to the previous year. […] Sergiu Gatlan, BleepingComputer
-
ASUS releases fix for AMI bug that lets hackers brick servers
ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers. […] Bill Toulas, BleepingComputer
-
Marks & Spencer confirms a cyberattack as customers face delayed orders
Marks & Spencer (M&S) has disclosed that it is responding to a cyberattack over the past few days that has impacted operations, including its Click and Collect service. […] Lawrence Abrams, BleepingComputer
-
Active! Mail RCE flaw exploited in attacks on Japanese orgs
An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan. […] Bill Toulas, BleepingComputer
-
Hackers abuse Zoom remote control feature for crypto-theft attacks
A hacking group dubbed ‘Elusive Comet’ targets cryptocurrency users in social engineering attacks that exploit Zoom’s remote control feature to trick users into granting them access to their machines. […] Bill Toulas, BleepingComputer
-
Microsoft Entra account lockouts caused by user token logging mishap
Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems. […] Lawrence Abrams, BleepingComputer
-
WordPress ad-fraud plugins generated 1.4 billion ad requests per day
A large-scale ad fraud operation called ‘Scallywag’ is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests. […] Bill Toulas, BleepingComputer
-
Phishers abuse Google OAuth to spoof Google in DKIM replay attack
In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google’s systems, passing all verifications but pointing to a fraudulent page that collected logins. […] Ionut Ilascu, BleepingComputer
-
State-sponsored hackers embrace ClickFix social engineering tactic
ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia utilizing the tactic to breach networks. […] Bill Toulas, BleepingComputer
-
Widespread Microsoft Entra lockouts tied to new security feature rollout
Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of Microsoft Entra ID’s new “leaked credentials” detection app called MACE. […] Lawrence Abrams, BleepingComputer
-
New Android malware steals your credit cards for NFC relay attacks
A new malware-as-a-service (MaaS) platform named ‘SuperCard X’ has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. […] Bill Toulas, BleepingComputer
-
Critical Erlang/OTP SSH RCE bug now has public exploits, patch now
Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. […] Lawrence Abrams, BleepingComputer
-
Interlock ransomware gang pushes fake IT tools in ClickFix attacks
The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. […] Bill Toulas, BleepingComputer
-
FBI: Scammers pose as FBI IC3 employees to ‘help’ recover lost funds
The FBI warns that scammers posing as FBI IC3 employees are offering to “help” fraud victims recover money lost to other scammers. […] Sergiu Gatlan, BleepingComputer
-
ASUS warns of critical auth bypass flaw in routers using AiCloud
ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. […] Bill Toulas, BleepingComputer
-
SonicWall SMA VPN devices targeted in attacks since January
A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. […] Sergiu Gatlan, BleepingComputer
-
Critical Erlang/OTP SSH pre-auth RCE is ‘Surprisingly Easy’ to exploit, patch now
A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. […] Lawrence Abrams, BleepingComputer
-
Entertainment services giant Legends International discloses data breach
Entertainment venue management firm Legends International warns it suffered a data breach in November 2024, which has impacted employees and people who visited venues under its management. […] Bill Toulas, BleepingComputer
-
Chrome extensions with 6 million installs have hidden tracking code
A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behavior, accessing cookies for domains, and potentially executing remote scripts. […] Bill Toulas, BleepingComputer
-
Windows NTLM hash leak flaw exploited in phishing attacks on governments
A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. […] Bill Toulas, BleepingComputer
-
Ahold Delhaize confirms data theft after INC ransomware claims attack
Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyberattack. […] Bill Toulas, BleepingComputer
-
CISA tags SonicWall VPN flaw as actively exploited in attacks
On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. […] Sergiu Gatlan, BleepingComputer
-
Over 16,000 Fortinet devices compromised with symlink backdoor
Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. […] Lawrence Abrams, BleepingComputer
-
Apple fixes two zero-days exploited in targeted iPhone attacks
Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an “extremely sophisticated attack” against specific targets’ iPhones. […] Lawrence Abrams, BleepingComputer
-
MITRE warns that funding for critical CVE program expires today
MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry. […] Sergiu Gatlan, BleepingComputer
-
Midnight Blizzard deploys new GrapeLoader malware in embassy phishing
Russian state-sponsored espionage group Midnight Blizzard is behind a new spear-phishing campaign targeting diplomatic entities in Europe, including embassies. […] Bill Toulas, BleepingComputer
-
Landmark Admin data breach impact now reaches 1.6 million people
Landmark Admin has issued an update to its investigation of a cyberattack it suffered in May 2024, increasing the number of impacted individuals to 1.6 million. […] Bill Toulas, BleepingComputer
-
Infamous message board 4chan taken down following major hack
4chan, a notorious online forum, was taken offline earlier today after what appears to be a significant hack and has since been loading intermittently. […] Sergiu Gatlan, BleepingComputer