Category: Security

Sarcoma ransomware claims breach at giant PCB maker Unimicron A relatively new ransomware operation named ‘Sarcoma’ has claimed responsibility for an attack against the Unimicron printed circuit boards (PCB) maker in Taiwan. […] Bill Toulas Go to bleepingcomputer

DPRK hackers dupe targets into typing PowerShell commands as admin North Korean state actor ‘Kimsuky’ (aka ‘Emerald Sleet’ or ‘Velvet Chollima’) has been observed using a new tactic inspired from the now widespread ClickFix campaigns. […] Bill Toulas Go to bleepingcomputer

Ivanti fixes three critical flaws in Connect Secure & Policy Secure Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems. […] Bill Toulas Go to bleepingcomputer

Fortinet discloses second firewall auth bypass patched in January Fortinet has disclosed a second authentication bypass vulnerability that was fixed as part of a January 2025 update for FortiOS and FortiProxy devices. […] Sergiu Gatlan Go to bleepingcomputer

Over 12,000 KerioControl firewalls exposed to exploited RCE flaw Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875. […] Bill Toulas Go to bleepingcomputer

A Cybersecurity Leader’s Guide to SecVal in 2025 Are your defenses truly battle-tested? Security validation ensures you’re not just hoping your security works—it proves it. Learn more from Pentera on how to validate against ransomware, credential threats, and unpatched vulnerabilities in the GOAT Guide. […] Sponsored by Pentera Go to bleepingcomputer

Massive brute force attack uses 2.8 million IPs to target VPN devices A large-scale brute force password attack using almost 2.8 million IP addresses is underway, attempting to guess the credentials for a wide range of networking devices, including those from Palo Alto Networks, Ivanti, and SonicWall. […] Bill Toulas Go to bleepingcomputer

HPE notifies employees of data breach after Russian Office 365 hack Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company’s Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack. […] Sergiu Gatlan Go to bleepingcomputer

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. […] Bill Toulas Go to bleepingcomputer

US health system notifies 882,000 patients of August 2023 breach Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information. […] Sergiu Gatlan Go to bleepingcomputer

Cloudflare outage caused by botched blocking of phishing URL An attempt to block a phishing URL in Cloudflare’s R2 object storage platform backfired yesterday, triggering a widespread outage that brought down multiple services for nearly an hour. […] Bill Toulas Go to bleepingcomputer

Kimsuky hackers use new custom RDP Wrapper for remote access The North Korean hacking group known as Kimsuky was observed in recent attacks using a custom-built RDP Wrapper and proxy tools to directly access infected machines. […] Bill Toulas Go to bleepingcomputer

Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundwork for ransomware attacks. […] Bill Toulas Go to bleepingcomputer

Critical Cisco ISE bug can let attackers run commands as root Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root. […] Sergiu Gatlan Go to bleepingcomputer

CISA orders agencies to patch Linux kernel bug exploited in attacks ​CISA has ordered federal agencies to secure their systems within three weeks against a high-severity Linux kernel flaw actively exploited in attacks. […] Sergiu Gatlan Go to bleepingcomputer

Hackers spoof Microsoft ADFS login pages to steal credentials A help desk phishing campaign targets an organization’s Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections. […] Bill Toulas Go to bleepingcomputer

Cyber agencies share security guidance for network edge devices Five Eyes cybersecurity agencies in the UK, Australia, Canada, New Zealand, and the U.S. have issued guidance urging makers of network edge devices and appliances to improve forensic visibility to help defenders detect attacks and investigate breaches. […] Sergiu Gatlan Go to bleepingcomputer

Chinese cyberspies use new SSH backdoor in network device hacks A Chinese hacking group is hijacking the SSH daemon on network appliances by injecting malware into the process for persistent access and covert operations. […] Bill Toulas Go to bleepingcomputer

Netgear warns users to patch critical WiFi router vulnerabilities Netgear has fixed two critical remote code execution and authentication bypass vulnerabilities affecting multiple WiFi routers and warned customers to update their devices to the latest firmware as soon as possible. […] Sergiu Gatlan Go to bleepingcomputer

GrubHub data breach impacts customers, drivers, and merchants ​Food delivery company GrubHub disclosed a data breach impacting the personal information of an undisclosed number of customers, merchants, and drivers after attackers breached its systems using a service provider account. […] Sergiu Gatlan Go to bleepingcomputer

Amazon Redshift gets new default settings to prevent data breaches Amazon has announced key security enhancements for Redshift, a popular data warehousing solution, to help prevent data exposures due to misconfigurations and insecure default settings. […] Bill Toulas Go to bleepingcomputer

Indian tech giant Tata Technologies hit by ransomware attack Tata Technologies Ltd. had to suspend some of its IT services following a ransomware attack that impacted the company network. […] Bill Toulas Go to bleepingcomputer

Globe Life data breach may impact an additional 850,000 clients Insurance giant Globe Life finished the investigation into the data breach it suffered last June and says that the incident may have impacted an additional 850,000 customers. […] Bill Toulas Go to bleepingcomputer

Mizuno USA says hackers stayed in its network for two months ​Mizuno USA, a subsidiary of Mizuno Corporation, one of the world’s largest sporting goods manufacturers, confirmed in data breach notification letters that unknown attackers stole files from its network between August and October 2024. […] Sergiu Gatlan Go to bleepingcomputer

New Aquabotv3 botnet malware targets Mitel command injection flaw A new variant of the Mirai-based botnet malware Aquabot has been observed actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones. […] Bill Toulas Go to bleepingcomputer

Laravel admin package Voyager vulnerable to one-click RCE flaw Three vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution attacks. […] Bill Toulas Go to bleepingcomputer

FBI seizes Cracked.io, Nulled.to hacking forums in Operation Talent The FBI has seized the domains for the infamous Cracked.io and Nulled.to hacking forums, which are known for their focus on cybercrime, password theft, cracking, and credential stuffing attacks. […] Sergiu Gatlan Go to bleepingcomputer

Hackers exploiting flaws in SimpleHelp RMM to breach networks Hackers are believed to be exploiting recently fixed SimpleHelp Remote Monitoring and Management (RMM) software vulnerabilities to gain initial access to target networks. […] Bill Toulas Go to bleepingcomputer

Engineering giant Smiths Group discloses security breach London-based engineering giant Smiths Group disclosed a security breach after unknown attackers gained access to the company’s systems. […] Sergiu Gatlan Go to bleepingcomputer

DeepSeek halts new signups amid “large-scale” cyberattack Chinese AI platform DeepSeek has disabled registrations on it DeepSeek-V3 chat platform due to an ongoing “large-scale” cyberattack targeting its services. […] Lawrence Abrams Go to bleepingcomputer

EU sanctions Russian GRU hackers for cyberattacks against Estonia The European Union sanctioned three hackers, part of Unit 29155 of Russia’s military intelligence service (GRU), for their involvement in cyberattacks targeting Estonia’s government agencies in 2020. […] Sergiu Gatlan Go to bleepingcomputer

UnitedHealth now says 190 million impacted by 2024 data breach UnitedHealth has revealed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack, nearly doubling the previously disclosed figure. […] Lawrence Abrams Go to bleepingcomputer

Ransomware gang uses SSH tunnels for stealthy VMware ESXi access Ransomware actors targeting ESXi bare metal hypervisors are leveraging SSH tunneling to persist on the system while remaining undetected. […] Bill Toulas Go to bleepingcomputer

TalkTalk investigates breach after data for sale on hacking forum UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged customer data on a hacking forum. […] Lawrence Abrams Go to bleepingcomputer

Subaru Starlink flaw let hackers hijack cars in US and Canada Security researchers have discovered an arbitrary account takeover flaw in Subaru’s Starlink service that could let attackers track, control, and hijack vehicles in the United States, Canada, and Japan using just a license plate. […] Sergiu Gatlan Go to bleepingcomputer

Hacker infects 18,000 “script kiddies” with fake malware builder A threat actor targeted low-skilled hackers, known as “script kiddies,” with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers. […] Bill Toulas Go to bleepingcomputer

FBI: North Korean IT workers steal source code to extort employers The FBI warned today that North Korean IT workers are abusing their access to steal source code and extort U.S. companies that have been tricked into hiring them. […] Sergiu Gatlan Go to bleepingcomputer

Hundreds of fake Reddit sites push Lumma Stealer malware Hackers are distributing close to 1,000 web pages mimicking Reddit and the WeTransfer file sharing service that lead to downloading the Lumma Stealer malware. […] Bill Toulas Go to bleepingcomputer

QNAP fixes six Rsync vulnerabilities in NAS backup, recovery app QNAP has fixed six rsync vulnerabilities that could let attackers gain remote code execution on unpatched Network Attached Storage (NAS) devices. […] Sergiu Gatlan Go to bleepingcomputer

Critical zero-days impact premium WordPress real estate plugins The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical severity flaws that allow unauthenticated users to gain administrative privileges. […] Bill Toulas Go to bleepingcomputer

Cloudflare CDN flaw leaks user location data, even through secure chat apps A security researcher discovered a flaw in Cloudflare’s content delivery network (CDN), which could expose a person’s general location by simply sending them an image on platforms like Signal and Discord. […] Bill Toulas Go to bleepingcomputer

Telegram captcha tricks you into running malicious PowerShell scripts Threat actors on X are exploiting the news around Ross Ulbricht to direct unsuspecting users to a Telegram channel that tricks them into executing PowerShell code that infects them with malware. […] Bill Toulas Go to bleepingcomputer

Cisco warns of denial of service flaw with PoC exploit code Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability, which has proof-of-concept (PoC) exploit code. […] Sergiu Gatlan Go to bleepingcomputer

PowerSchool hacker claims they stole data of 62 million students The hacker who breached education tech giant PowerSchool claimed in an extortion demand that they stole the personal data of 62.4 million students and 9.5 million teachers. […] Lawrence Abrams Go to bleepingcomputer

Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack The largest distributed denial-of-service (DDoS) attack to date peaked at 5.6 terabits per second and came from a Mirai-based botnet with 13,000 compromised devices. […] Bill Toulas Go to bleepingcomputer

7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now ​A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users’ computers when extracting malicious files from nested archives. […] Sergiu Gatlan Go to bleepingcomputer

HPE investigates breach as hacker claims to steal source code Hewlett Packard Enterprise (HPE) is investigating claims of a new breach after a threat actor said they stole documents from the company’s developer environments. […] Sergiu Gatlan Go to bleepingcomputer

Star Blizzard hackers abuse WhatsApp to target high-value diplomats Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations. […] Bill Toulas Go to bleepingcomputer

Otelier data breach exposes info, hotel reservations of millions Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests’ personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt. […] Lawrence Abrams Go to bleepingcomputer

Malicious PyPi package steals Discord auth tokens from devs A malicious package named ‘pycord-self’ on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. […] Bill Toulas Go to bleepingcomputer

W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps. […] Bill Toulas Go to bleepingcomputer

Microsoft expands testing of Windows 11 admin protection feature Microsoft has expanded its Windows 11 administrator protection tests, allowing Insiders to enable the security feature from the Windows Security settings. […] Sergiu Gatlan Go to bleepingcomputer

US cracks down on North Korean IT worker army with more sanctions The U.S. Treasury Department has sanctioned a network of individuals and front companies linked to North Korea’s Ministry of National Defense that have generated revenue via illegal remote IT work schemes. […] Sergiu Gatlan Go to bleepingcomputer

Biden signs executive order to bolster national cybersecurity Days before leaving office, President Joe Biden signed an executive order to shore up the United States’ cybersecurity by making it easier to sanction hacking groups targeting federal agencies and the nation’s critical infrastructure. […] Sergiu Gatlan Go to bleepingcomputer

Hackers leak configs and VPN credentials for 15,000 FortiGate devices A new hacking group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices for free on the dark web, exposing a great deal of sensitive technical information to other cybercriminals. […] Lawrence Abrams Go to bleepingcomputer

SAP fixes critical vulnerabilities in NetWeaver application servers SAP has fixed two critical vulnerabilities affecting NetWeaver web application server that could be exploited to escalate privileges and access restricted information. […] Bill Toulas Go to bleepingcomputer

MikroTik botnet uses misconfigured SPF DNS records to spread malware A newly discovered botnet of 13,000 MikroTik devices uses a misconfiguration in domain name server records to bypass email protections and deliver malware by spoofing roughly 20,000 web domains. […] Bill Toulas Go to bleepingcomputer

Label giant Avery says website hacked to steal credit cards Avery Products Corporation is warning it suffered a data breach after its website was hacked to steal customers’ credit cards and personal information. […] Bill Toulas Go to bleepingcomputer

WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. […] Bill Toulas Go to bleepingcomputer

CISA orders agencies to patch BeyondTrust bug exploited in attacks ​CISA tagged a vulnerability in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) as actively exploited in attacks, ordering agencies to secure their systems within three weeks. […] Sergiu Gatlan Go to bleepingcomputer