Category: Security
-
Hertz confirms customer info, drivers’ licenses stolen in data breach
Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks. […] Lawrence Abrams Go to bleepingcomputer
-
Govtech giant Conduent confirms client data stolen in January cyberattack
American business services giant and government contractor Conduent disclosed today that client data was stolen in a January 2025 cyberattack. […] Lawrence Abrams Go to bleepingcomputer
-
Cybersecurity firm buying hacker forum accounts to spy on cybercriminals
Swiss cybersecurity firm Prodaft has launched a new initiative called ‘Sell your Source’ where the company purchases verified and aged accounts on hacking forums to spy on cybercriminals. […] Bill Toulas Go to bleepingcomputer
-
SSL/TLS certificate lifespans reduced to 47 days by 2029
The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029. […] Bill Toulas Go to bleepingcomputer
-
New ResolverRAT malware targets pharma and healthcare orgs worldwide
A new remote access trojan (RAT) called ‘ResolverRAT’ is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors. […] Bill Toulas Go to bleepingcomputer
-
Tycoon2FA phishing kit targets Microsoft 365 with new tricks
Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion capabilities. […] Bill Toulas Go to bleepingcomputer
-
AI-hallucinated code dependencies become new supply chain risk
A new class of supply chain attacks named ‘slopsquatting’ has emerged from the increased use of generative AI tools for coding and the model’s tendency to “hallucinate” non-existent package names. […] Bill Toulas Go to bleepingcomputer
-
Microsoft Defender will isolate undiscovered endpoints to block attacks
Microsoft is testing a new Defender for Endpoint capability that will block traffic to and from undiscovered endpoints to thwart attackers’ lateral network movement attempts. […] Sergiu Gatlan Go to bleepingcomputer
-
Western Sydney University discloses security breaches, data leak
Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. […] Bill Toulas Go to bleepingcomputer
-
Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks
Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft: Windows ‘inetpub’ folder created by security fix, don’t delete
Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty “inetpub” folder and warned users not to delete it. […] Sergiu Gatlan Go to bleepingcomputer
-
Hackers exploit WordPress plugin auth bypass hours after disclosure
Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. […] Bill Toulas Go to bleepingcomputer
-
Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials
A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management (IAM) credentials from the IMDSv1 endpoint. […] Bill Toulas Go to bleepingcomputer
-
Oracle says “obsolete servers” hacked, denies cloud breach
Oracle finally confirmed in email notifications sent to customers that a hacker stole and leaked credentials that were stolen from what it described as “two obsolete servers.” […] Sergiu Gatlan Go to bleepingcomputer
-
Fake Microsoft Office add-in tools push malware via SourceForge
Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims’ computers to both mine and steal cryptocurrency. […] Bill Toulas Go to bleepingcomputer
-
Microsoft: Windows CLFS zero-day exploited by ransomware gang
Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims’ systems. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws
Today is Microsoft’s April 2025 Patch Tuesday, which includes security updates for 134 flaws, including one actively exploited zero-day vulnerability. […] Lawrence Abrams Go to bleepingcomputer
-
EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher
EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. […] Bill Toulas Go to bleepingcomputer
-
Six arrested for AI-powered investment scams that stole $20 million
Spain’s police arrested six individuals behind a large-scale cryptocurrency investment scam that used AI tools to generate deepfake ads featuring popular public figures to lure people. […] Bill Toulas Go to bleepingcomputer
-
Everest ransomware’s dark web leak site defaced, now offline
The dark web leak site of the Everest ransomware gang has apparently been hacked over the weekend by an unknown attacker and is now offline. […] Sergiu Gatlan Go to bleepingcomputer
-
Google fixes Android zero-days exploited in attacks, 60 other flaws
Google has released patches for 62 vulnerabilities in Android’s April 2025 security update, including two zero-days exploited in targeted attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
E-ZPass toll payment texts return in massive phishing wave
An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information. […] Bill Toulas Go to bleepingcomputer
-
Carding tool abusing WooCommerce API downloaded 34K times on PyPI
A newly discovered malicious PyPi package named ‘disgrasya’ that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform. […] Bill Toulas Go to bleepingcomputer
-
Coinbase to fix 2FA account activity entry freaking out users
Coinbase is fixing an incorrect account activity message that freaks out customers and makes them think their credentials were compromised. […] Lawrence Abrams Go to bleepingcomputer
-
WinRAR flaw bypasses Windows Mark of the Web security alerts
A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. […] Ionut Ilascu Go to bleepingcomputer
-
Port of Seattle says ransomware breach impacts 90,000 people
Port of Seattle, the U.S. government agency overseeing Seattle’s seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August 2024 ransomware attack. […] Sergiu Gatlan Go to bleepingcomputer
-
PoisonSeed phishing campaign behind emails with wallet seed phrases
A large-scale phishing campaign dubbed ‘PoisonSeed’ compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. […] Bill Toulas Go to bleepingcomputer
-
Australian pension funds hit by wave of credential stuffing attacks
Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members’ accounts. […] Sergiu Gatlan Go to bleepingcomputer
-
Europcar GitLab breach exposes data of up to 200,000 customers
A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users. […] Ionut Ilascu Go to bleepingcomputer
-
Max severity RCE flaw discovered in widely used Apache Parquet
A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. […] Bill Toulas Go to bleepingcomputer
-
Hunters International shifts from ransomware to pure data extortion
The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to data theft and extortion-only attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
CISA warns of Fast Flux DNS evasion used by cybercrime gangs
CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the “Fast Flux” cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. […] Bill Toulas Go to bleepingcomputer
-
Ivanti patches Connect Secure zero-day exploited since mid-March
Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. […] Sergiu Gatlan Go to bleepingcomputer
-
Genetic data site openSNP to close and delete data over privacy concerns
The openSNP project, a platform for sharing genetic and phenotypic data, will shut down on April 30, 2025, and delete all user submissions over privacy concerns and the risk of misuse by authoritarian governments. […] Bill Toulas Go to bleepingcomputer
-
Verizon Call Filter API flaw exposed customers’ incoming call history
A vulnerability in Verizon’s Call Filter feature allowed customers to access the incoming call logs for another Verizon Wireless number through an unsecured API request. […] Bill Toulas Go to bleepingcomputer
-
GitHub expands security tools after 39 million secrets leaked in 2024
Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations and users to significant security risks. […] Bill Toulas Go to bleepingcomputer
-
Microsoft adds hotpatching support to Windows 11 Enterprise
Microsoft has announced that hotpatch updates are now available for business customers using Windows 11 Enterprise 24H2 on x64 (AMD/Intel) systems, starting today. […] Sergiu Gatlan Go to bleepingcomputer
-
Royal Mail investigates data leak claims, no impact on operations
Royal Mail is investigating claims of a security breach after a threat actor leaked over 144GB of data allegedly stolen from the company’s systems. […] Sergiu Gatlan Go to bleepingcomputer
-
North Korean IT worker army expands operations in Europe
North Korea’s IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe. […] Sergiu Gatlan Go to bleepingcomputer
-
We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain
A RAR file, a fake summons, and a Nietzsche quote—all part of a multi-stage malware chain delivering DCRat & Rhadamanthys. Acronis TRU breaks down how attackers use VBS, batch, and PowerShell scripts to slip past defenses. […] Sponsored by Acronis Go to bleepingcomputer
-
Google rolls out easy end-to-end encryption for Gmail business users
Google has started rolling out a new end-to-end encryption (E2EE) model for Gmail enterprise users, making it easier to send encrypted emails to any recipient. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders
Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. […] Bill Toulas Go to bleepingcomputer
-
Phishing platform ‘Lucid’ behind wave of iOS, Android SMS attacks
A phishing-as-a-service (PhaaS) platform named ‘Lucid’ has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android). […] Bill Toulas Go to bleepingcomputer
-
Hackers abuse WordPress MU-Plugins to hide malicious code
Hackers are utilizing the WordPress mu-plugins (“Must-Use Plugins”) directory to stealthily run malicious code on every page while evading detection. […] Bill Toulas Go to bleepingcomputer
-
New Crocodilus malware steals Android users’ crypto wallet keys
A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for the cryptocurrency wallet using a warning to back up the key to avoid losing access. […] Bill Toulas Go to bleepingcomputer
-
Retail giant Sam’s Club investigates Clop ransomware breach claims
Sam’s Club, an American warehouse supermarket chain owned by U.S. retail giant Walmart, is investigating claims of a Clop ransomware breach. […] Sergiu Gatlan Go to bleepingcomputer
-
OpenAI now pays researchers $100,000 for critical vulnerabilities
Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for “exceptional and differentiated” critical security vulnerabilities from $20,000 to $100,000. […] Sergiu Gatlan Go to bleepingcomputer
-
Phishing-as-a-service operation uses DNS-over-HTTPS for evasion
A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat has been using the DNS over HTTPS (DoH) protocol to evade detection. […] Bill Toulas Go to bleepingcomputer
-
New Ubuntu Linux security bypasses require manual mitigations
Three security bypasses have been discovered in Ubuntu Linux’s unprivileged user namespace restrictions, which could enable a local attacker to exploit vulnerabilities in kernel components. […] Bill Toulas Go to bleepingcomputer
-
Hijacked Microsoft Stream classic domain “spams” SharePoint sites
The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. […] Lawrence Abrams Go to bleepingcomputer
-
Infostealer campaign compromises 10 npm packages, targets devs
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers’ systems. […] Bill Toulas Go to bleepingcomputer
-
Chinese FamousSparrow hackers deploy upgraded malware in attacks
A China-linked cyberespionage group known as ‘FamousSparrow’ was observed using a new modular version of its signature backdoor ‘SparrowDoor’ against a US-based trade organization. […] Bill Toulas Go to bleepingcomputer
-
UK fines software provider £3.07 million for 2022 ransomware breach
The UK Information Commissioner’s Office (ICO) has fined Advanced Computer Software Group Ltd £3.07 million over a 2022 ransomware attack that exposed the sensitive personal data of 79,404 people, including National Health Service (NHS) patients. […] Bill Toulas Go to bleepingcomputer
-
Oracle customers confirm data stolen in alleged cloud breach is valid
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. […] Lawrence Abrams Go to…
-
StreamElements discloses third-party data breach after hacker leaks data
Cloud-based streaming company StreamElements confirms it suffered a data breach at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum. […] Bill Toulas Go to bleepingcomputer
-
New Atlantis AIO platform automates credential stuffing on 140 services
A new cybercrime platform named ‘Atlantis AIO’ provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs. […] Bill Toulas Go to bleepingcomputer
-
Google fixes Chrome zero-day exploited in espionage campaign
Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser’s sandbox and deploy malware in espionage attacks targeting Russian organizations. […] Sergiu Gatlan Go to bleepingcomputer
-
CrushFTP warns users to patch unauthenticated access flaw immediately
CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately. […] Sergiu Gatlan Go to bleepingcomputer
-
Cloudflare R2 service outage caused by password rotation error
Cloudflare has announced that its R2 object storage and dependent services experienced an outage lasting 1 hour and 7 minutes, causing 100% write and 35% read failures globally. […] Bill Toulas Go to bleepingcomputer
-
Broadcom warns of authentication bypass in VMware Windows Tools
Broadcom released security updates today to fix a high-severity authentication bypass vulnerability in VMware Tools for Windows. […] Sergiu Gatlan Go to bleepingcomputer
-
23andMe files for bankruptcy, customers advised to delete DNA data
California-based genetic testing provider 23andMe has filed for Chapter 11 bankruptcy and plans to sell its assets following years of financial struggles. […] Sergiu Gatlan Go to bleepingcomputer
-
New VanHelsing ransomware targets Windows, ARM, ESXi systems
A new multi-platform ransomware-as-a-service (RaaS) operation named VanHelsing has emerged, targeting Windows, Linux, BSD, ARM, and ESXi systems. […] Bill Toulas Go to bleepingcomputer
-
Cyberattack takes down Ukrainian state railway’s online services
Ukrzaliznytsia, Ukraine’s national railway operator, has been hit by a massive cyberattack that disrupted online services for buying tickets both through mobile apps and the website. […] Bill Toulas Go to bleepingcomputer
-
DrayTek routers worldwide go into reboot loops over weekend
Many Internet service providers (ISPs) worldwide are alerting customers of an outage that started Saturday night and triggered DrayTek router connectivity problems. […] Sergiu Gatlan Go to bleepingcomputer
-
Chinese Weaver Ant hackers spied on telco network for 4 years
A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers. […] Bill Toulas Go to bleepingcomputer
-
FBI warnings are true—fake file converters do push malware
The FBI is warning that fake online document converters are being used to steal people’s information and, in worst-case scenarios, lead to ransomware attacks. […] Lawrence Abrams Go to bleepingcomputer
-
Cloudflare now blocks all unencrypted traffic to its API endpoints
Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. […] Bill Toulas Go to bleepingcomputer
-
Microsoft Trusted Signing service abused to code-sign malware
Cybercriminals are abusing Microsoft’s Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. […] Lawrence Abrams Go to bleepingcomputer
-
Coinbase was primary target of recent GitHub Actions breaches
Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. […] Lawrence Abrams Go to bleepingcomputer
-
Oracle denies breach after hacker claims theft of 6 million data records
Oracle denies it was breached after a threat actor claimed to be selling 6 million data records allegedly stolen from the company’s Oracle Cloud federated SSO login servers […] Sergiu Gatlan Go to bleepingcomputer
-
Fake Semrush ads used to steal SEO professionals’ Google accounts
A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials. […] Bill Toulas Go to bleepingcomputer
-
US removes sanctions against Tornado Cash crypto mixer
The U.S. Department of Treasury announced today that it has removed sanctions against the Tornado Cash cryptocurrency mixer, which North Korean Lazarus hackers used to launder hundreds of millions stolen in multiple crypto heists. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft: Exchange Online bug mistakenly quarantines user emails
Microsoft is investigating an Exchange Online bug causing anti-spam systems to mistakenly quarantine some users’ emails. […] Sergiu Gatlan Go to bleepingcomputer
-
Veeam RCE bug lets domain users hack backup servers, patch now
Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. […] Lawrence Abrams Go to bleepingcomputer
-
CISA tags NAKIVO backup flaw as actively exploited in attacks
CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO’s Backup & Replication software. […] Sergiu Gatlan Go to bleepingcomputer
-
VSCode extensions found downloading early-stage ransomware
Two malicious VSCode Marketplace extensions were found deploying in-development ransomware from a remote server, exposing critical gaps in Microsoft’s review process. […] Bill Toulas Go to bleepingcomputer
-
Critical Cisco Smart Licensing Utility flaws now exploited in attacks
Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. […] Sergiu Gatlan Go to bleepingcomputer
-
RansomHub ransomware uses new Betruger ‘multi-function’ backdoor
Security researchers have linked a new backdoor dubbed Betruger, deployed in several recent ransomware attacks, to an affiliate of the RansomHub operation. […] Sergiu Gatlan Go to bleepingcomputer
-
Malware campaign ‘DollyWay’ breached 20,000 WordPress sites
A malware operation dubbed ‘DollyWay’ has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. […] Bill Toulas Go to bleepingcomputer
-
Kali Linux 2025.1a released with 1 new tool, annual theme refresh
Kali Linux has released version 2025.1a, the first version of 2025, with one new tool, desktop changes, and a theme refresh. […] Lawrence Abrams Go to bleepingcomputer
-
Pennsylvania education union data breach hit 500,000 people
The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach. […] Sergiu Gatlan Go to bleepingcomputer
-
Ukrainian military targeted in new Signal spear-phishing attacks
Ukraine’s Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country’s army forces. […] Bill Toulas Go to bleepingcomputer
-
Sperm donation giant California Cryobank warns of a data breach
US sperm donor giant California Cryobank is warning customers it suffered a data breach that exposed customers’ personal information. […] Lawrence Abrams Go to bleepingcomputer
-
GitHub Action hack likely led to another in cascading supply chain attack
A cascading supply chain attack that began with the compromise of the “reviewdog/action-setup@v1” GitHub Action is believed to have led to the recent breach of “tj-actions/changed-files” that leaked CI/CD secrets. […] Bill Toulas Go to bleepingcomputer
-
Western Alliance Bank notifies 21,899 customers of data breach
Arizona-based Western Alliance Bank is notifying nearly 22,000 customers their personal information was stolen in October after a third-party vendor’s secure file transfer software was breached. […] Sergiu Gatlan Go to bleepingcomputer
-
Malicious Android ‘Vapor’ apps on Google Play installed 60 million times
Over 300 malicious Android applications downloaded 60 million times from Google Play acted as adware or attempted to steal credentials and credit card information. […] Bill Toulas Go to bleepingcomputer
-
New Windows zero-day exploited by 11 state hacking groups since 2017
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. […] Sergiu Gatlan Go to bleepingcomputer
-
Telegram CEO leaves France temporarily as criminal probe continues
French authorities have allowed Pavel Durov, Telegram’s CEO and founder, to temporarily leave the country while criminal activity on the messaging platform is still under investigation. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft: New RAT malware used for crypto theft, reconnaissance
Microsoft has discovered a new remote access trojan (RAT) that employs “sophisticated techniques” to avoid detection, maintain persistence, and extract sensitive data. […] Sergiu Gatlan Go to bleepingcomputer
-
OKX suspends DEX aggregator after Lazarus hackers try to launder funds
OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers, who recently conducted a $1.5 billion crypto heist. […] Bill Toulas Go to bleepingcomputer
-
Supply chain attack on popular GitHub Action exposes CI/CD secrets
A supply chain attack on the widely used ‘tj-actions/changed-files’ GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. […] Bill Toulas Go to bleepingcomputer
-
Fake “Security Alert” issues on GitHub use OAuth app to hijack accounts
A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake “Security Alert” issues, tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code. […] Lawrence Abrams Go to bleepingcomputer
-
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 account credentials. […] Bill Toulas Go to bleepingcomputer
-
New Akira ransomware decryptor cracks encryption keys using GPUs
Security researcher Yohanes Nugroho has released a decryptor for the Linux variant of Akira ransomware, which utilizes GPU power to retrieve the decryption key and unlock files for free. […] Bill Toulas Go to bleepingcomputer
-
Coinbase phishing email tricks users with fake wallet migration
A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. […] Lawrence Abrams Go to bleepingcomputer
-
Ransomware gang creates tool to automate VPN brute-force attacks
The Black Basta ransomware operation created an automated brute-forcing framework dubbed ‘BRUTED’ to breach edge networking devices like firewalls and VPNs. […] Bill Toulas Go to bleepingcomputer
-
Cisco IOS XR vulnerability lets attackers crash BGP on routers
Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. […] Sergiu Gatlan Go to bleepingcomputer
-
Suspected LockBit ransomware dev extradited to United States
A dual Russian-Israeli national, suspected of being a key developer for the LockBit ransomware operation, has been extradited to the United States to face charges. […] Bill Toulas Go to bleepingcomputer
-
Microsoft apologizes for removing VSCode extensions used by millions
Microsoft has reinstated the ‘Material Theme – Free’ and ‘Material Theme Icons – Free’ extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn’t actually malicious. […] Bill Toulas Go to bleepingcomputer