Category: Security
-
Hackers abuse Google ads, Claude.ai chats to push Mac malware
Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign. Users searching for “Claude mac download” may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install malware on their Mac. […]…
-
Police shut down reboot of Crimenetwork marketplace, arrest admin
German authorities have shut down a relaunch version of the criminal marketplace ‘Crimenetwork’ that generated more than 3.6 million euros, and arrested its operator. […] Bill Toulas Go to bleepingcomputer
-
JDownloader site hacked to replace installers with Python RAT malware
The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based remote access trojan. […] Lawrence Abrams
-
Fake OpenAI repository on Hugging Face pushes infostealer malware
A malicious Hugging Face repository that reached the platform’s trending list impersonated OpenAI’s “Privacy Filter” project to deliver information-stealing malware to Windows users. […] Bill Toulas
-
NVIDIA confirms GeForce NOW data breach affecting Armenian users
NVIDIA has confirmed in a statement for BleepingComputer that GeForce NOW user information has been exposed in a data breach. […] Bill Toulas
-
Why More Analysts Won’t Solve Your SOC’s Alert Problem
Attackers move faster than overwhelmed SOC teams can realistically investigate alerts. Prophet Security breaks down how AI can help analysts investigate alerts faster and focus on real threats. […] Sponsored by Prophet Security
-
Trellix source code breach claimed by RansomHouse hackers
The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. […] Bill Toulas
-
CISA gives feds four days to patch Ivanti flaw exploited as zero-day
CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. […] Sergiu Gatlan
-
Zara data breach exposed personal information of 197,000 people
Hackers who gained access to the databases of Spanish fast-fashion retailer Zara stole data belonging to more than 197,000 customers, according to data breach notification service Have I Been Pwned. […] Sergiu Gatlan
-
Former govt contractor convicted for wiping dozens of federal databases
A 34-year-old Virginia man was found guilty of conspiring to destroy dozens of government databases after getting fired from his job as a federal contractor. […] Sergiu Gatlan
-
New Linux ‘Dirty Frag’ zero-day gives root on all major distros
A new Linux zero-day vulnerability, named Dirty Frag, allows local attackers to gain root privileges on most major Linux distributions with a single command. […] Sergiu Gatlan
-
Canvas login portals hacked in mass ShinyHunters extortion campaign
The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting another vulnerability to deface Canvas login portals for hundreds of colleges and universities. […] Lawrence Abrams
-
New TCLBanker malware self-spreads over WhatsApp and Outlook
A new trojan named TCLBanker, which targets 59 banking, fintech, and cryptocurrency platforms, uses a trojanized MSI installer for Logitech AI Prompt Builder to infect systems. […] Bill Toulas
-
New PCPJack worm steals credentials, cleans TeamPCP infections
A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing TeamPCP’s access to the systems. […] Bill Toulas
-
Fake Claude AI website delivers new ‘Beagle’ Windows malware
A fake version of the Claude AI website offers a malicious Claude-Pro Relay download that pushes a previously undocumented backdoor for Windows named Beagle. […] Bill Toulas
-
Hackers abuse Google ads for GoDaddy ManageWP login phishing
A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy’s platform for managing fleets of WordPress websites. […] Bill Toulas
-
Critical vm2 sandbox bug lets attackers execute code on hosts
A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. […] Bill Toulas
-
New Cisco DoS flaw requires manual reboot to revive devices
Cisco patched a Crosswork Network Controller and Network Services Orchestrator denial-of-service vulnerability that requires manually rebooting targeted systems for recovery. […] Sergiu Gatlan
-
DAEMON Tools devs confirm breach, release malware-free version
Disc Soft Limited, the maker of DAEMON Tools Lite, confirmed that the software had been trojanized in a supply chain attack and released a new, malware-free version. […] Sergiu Gatlan
-
Palo Alto Networks warns of firewall RCE zero-day exploited in attacks
Palo Alto Networks warned customers today that a critical-severity unpatched vulnerability in the PAN-OS User-ID Authentication Portal is being exploited in attacks. […] Sergiu Gatlan
-
New stealthy Quasar Linux malware targets software developers
A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers’ systems with a mix of rootkit, backdoor, and credential-stealing capabilities. […] Bill Toulas
-
Instructure hacker claims data theft from 8,800 schools, universities
The hacker behind a breach at education technology giant Instructure claims to have stolen 280 million data records for students and staff from 8,809 colleges, school districts, and online education platforms. […] Lawrence Abrams
-
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
Hackers trojanized installers for the DAEMON Tools software and, since April 8, have delivered a backdoor to thousands of systems that downloaded the product from the official website. […] Bill Toulas
-
Student hacked Taiwan high-speed rail to trigger emergency brakes
A 23-year-old university student in Taiwan was arrested for interfering with the TETRA communication system used by the country’s high-speed railway network (THSR). […] Bill Toulas
-
ScarCruft hackers push BirdCall Android malware via game platform
The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. […] Bill Toulas
-
Weaver E-cology critical bug exploited in attacks since March
Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands. […] Bill Toulas
-
Amazon SES increasingly abused in phishing to evade detection
The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. […] Bill Toulas
-
Backdoored PyTorch Lightning package drops credential stealer
A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. […] Bill Toulas
-
Trellix discloses data breach after source code repository hack
Cybersecurity firm Trellix disclosed a data breach after attackers gained access to “a portion” of its source code repository. […] Sergiu Gatlan
-
Instructure confirms data breach, ShinyHunters claims attack
Educational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility. […] Lawrence Abrams
-
Telegram Mini Apps abused for crypto scams, Android malware delivery
Cybersecurity researchers have uncovered a large-scale fraud operation that uses Telegram’s Mini App feature to run crypto scams, impersonate well-known brands, and distribute Android malware. […] Lawrence Abrams
-
Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some cases, removing certificates from Windows. […] Lawrence Abrams
-
Critical cPanel flaw mass-exploited in “Sorry” ransomware attacks
A newly disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in “Sorry” ransomware attacks. […] Lawrence Abrams
-
ConsentFix v3 attacks target Azure with automated OAuth abuse
A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums, building on the previous technique by adding automation and scaling potential. […] Bill Toulas
-
Edu tech firm Instructure discloses cyber incident, probes impact
Instructure, the company behind the widely used Canvas learning platform, has disclosed that it recently suffered a cybersecurity incident and is now investigating its impact. […] Lawrence Abrams
-
15-year-old detained over French govt agency data breach
French authorities have detained a 15-year-old suspected of selling data stolen in a cyberattack on France Titres (ANTS), the country’s agency for issuing and managing administrative documents. […] Ionut Ilascu
-
Story retracted
BleepingComputer initially published a story about a new data breach at Instructure. Shortly after publication, we determined that the information was incorrect and primarily based on outdated details from a prior incident. The article has been retracted, and we regret the error. […] BleepingComputer
-
US ransomware negotiators get 4 years in prison over BlackCat attacks
Two former employees of cybersecurity incident response companies Sygnia and DigitalMint were sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks. […] Sergiu Gatlan
-
New Bluekit phishing service includes an AI assistant, 40 templates
A new phishing kit named Bluekit offers more than 40 templates targeting popular services and includes basic AI features for generating campaign drafts. […] Bill Toulas
-
Romanian leader of online swatting ring gets 4 years in prison
A Romanian national who led an online swatting ring that targeted more than 75 public officials, multiple journalists, and four religious institutions was sentenced to 4 years in federal prison. […] Sergiu Gatlan
-
FBI links cybercriminals to sharp surge in cargo theft attacks
The U.S. Federal Bureau of Investigation (FBI) warned the transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725 million in 2025. […] Sergiu Gatlan
-
Official SAP npm packages compromised to steal credentials
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers’ systems. […] Lawrence Abrams
-
Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining
Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers’ servers. […] Bill Toulas
-
Popular WordPress redirect plugin hid dormant backdoor for years
The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows injecting arbitrary code into users’ sites. […] Bill Toulas
-
Hackers arrested for hijacking and selling 610,000 Roblox accounts
The Ukrainian police have arrested three individuals who hacked more than 610,000 Roblox gaming accounts and sold them for a profit of $225,000. […] Bill Toulas
-
cPanel, WHM emergency update fixes critical auth bypass bug
A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication. […] Bill Toulas
-
Microsoft says backend change broke Teams Free chat and calls
Microsoft is working to resolve a known issue that prevents some Microsoft Teams Free users from chatting and calling others. […] Sergiu Gatlan
-
Broken VECT 2.0 ransomware acts as a data wiper for large files
Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypting them. […] Bill Toulas
-
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. […] Bill Toulas
-
Video service Vimeo confirms Anodot breach exposed user data
Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company. […] Bill Toulas
-
US reportedly charges Scattered Spider hacker arrested in Finland
A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective. […] Sergiu Gatlan
-
Microsoft: New Remote Desktop warnings may display incorrectly
Microsoft has confirmed a new issue causing newly introduced Windows security warnings to display incorrectly when opening Remote Desktop (.rdp) files. […] Sergiu Gatlan
-
Robinhood account creation flaw abused to send phishing emails
Online trading platform Robinhood’s account creation process was exploited by threat actors to inject phishing messages into legitimate emails, tricking users into believing their accounts had suspicious activity. […] Lawrence Abrams
-
GlassWorm malware attacks return via 73 OpenVSX “sleeper” extensions
A new wave of the GlassWorm campaign is targeting the OpenVSX ecosystem with 73 “sleeper” extensions that turn malicious after an update. […] Bill Toulas
-
Canada arrests three for operating “SMS blaster” device in Toronto
Canadian authorities have arrested three men for operating an “SMS blaster” device that pretends to be a cellular tower to send phishing texts to nearby phones. […] Bill Toulas
-
American utility firm Itron discloses breach of internal IT network
Itron, Inc. has disclosed, via an 8-K filing with the U.S. Securities and Exchange Commission (SEC), a cybersecurity incident in which an unauthorized third party accessed certain internal systems. […] Bill Toulas
-
Threat actor uses Microsoft Teams to deploy new “Snow” malware
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named ‘Snow’ which includes a browser extension, a tunneler, and a backdoor. […] Bill Toulas
-
ADT confirms data breach after ShinyHunters leak threat
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. […] Lawrence Abrams
-
Firestarter malware survives Cisco firewall updates, security patches
Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software. […] Bill Toulas
-
New BlackFile extortion group linked to surge of vishing attacks
A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026. […] Sergiu Gatlan
-
Microsoft to roll out Entra passkeys on Windows in late April
Microsoft will roll out passkey support for phishing-resistant passwordless authentication to Microsoft Entra-protected resources from Windows devices starting late April. […] Sergiu Gatlan
-
Hackers exploit file upload bug in Breeze Cache WordPress plugin
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. […] Bill Toulas
-
Bitwarden CLI npm package compromised to steal developer credentials
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. […] Lawrence Abrams
-
Trigona ransomware attacks use custom exfiltration tool to steal data
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. […] Bill Toulas
-
New Checkmarx supply-chain breach affects KICS analysis tool
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. […] Bill Toulas
-
Cosmetics giant Rituals discloses data breach affecting customers
Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number of customers from its “My Rituals” membership database. […] Sergiu Gatlan
-
Apple fixes bug that let the FBI recover deleted Signal messages
Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked for deletion to remain stored on the device. […] Lawrence Abrams
-
New Mirai campaign exploits RCE flaw in EoL D-Link routers
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. […] Bill Toulas
-
Kyber ransomware gang toys with post-quantum encryption on Windows
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption. […] Bill Toulas
-
Spain dismantles major $4.7M manga piracy platform, arrests four
The Spanish police have dismantled the largest Spanish-language manga piracy platform, operating since 2014, with millions of monthly users from around the globe. […] Bill Toulas
-
Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process
Fraud operations now operate like call centers, complete with hiring, training, and performance tracking. Flare reveals how cybercriminals manage “Caller-as-a-Service” operations like a professional sales team. […] Sponsored by Flare
-
New GoGra malware for Linux uses Microsoft Graph API for comms
A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. […] Bill Toulas
-
Microsoft releases emergency patches for critical ASP.NET flaw
Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. […] Sergiu Gatlan
-
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks. […] Sergiu Gatlan
-
French govt agency confirms breach as hacker offers to sell data
France Titres, the government agency in France for issuing and managing administrative documents, has disclosed a data breach after a threat actor claimed the attack and the theft of citizen data. […] Bill Toulas
-
New Lotus data wiper used against Venezuelan energy, utility firms
A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela. […] Bill Toulas
-
NGate Android malware uses HandyPay NFC app to steal card data
A new variant of the NGate malware that steals NFC payment data is targeting Android users by hiding in a trojanized version of HandyPay, a legitimate mobile payments processing tool. […] Bill Toulas
-
KelpDAO suffers $290 million heist tied to Lazarus hackers
State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday. […] Bill Toulas
-
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate. […] Bill Toulas
-
China’s Apple App Store infiltrated by crypto-stealing wallet apps
A set of 26 malicious apps on the Apple App Store impersonate popular wallets, such as Metamask, Coinbase, Trust Wallet, and OneKey, to steal recovery or seed phrases and drain them of cryptocurrency assets. […] Bill Toulas
-
Seiko USA website defaced as hacker claims customer data theft
The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid. […] Lawrence Abrams
-
Vercel confirms breach as hackers claim to be selling stolen data
Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. […] Lawrence Abrams
-
Apple account change alerts abused to send phishing emails
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially allowing them to bypass spam filters. […] Lawrence Abrams
-
NIST to stop rating non-priority flaws due to volume increase
The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. […] Bill Toulas
-
Critical flaw in Protobuf library enables JavaScript code execution
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google’s Protocol Buffers. […] Bill Toulas
-
NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support
NAKIVO Inc. announced the general availability of NAKIVO Backup & Replication v11.2, focused on fast, reliable, and proactive data protection. […] Sponsored by NAKIVO
-
Payouts King ransomware uses QEMU VMs to bypass endpoint security
The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. […] Bill Toulas
-
Grinex exchange blames “Western intelligence” for $13.7M crypto hack
Kyrgyzstan-based cryptocurrency exchange Grinex has suspended its operations after suffering a $13.7 million hack attributed to Western intelligence agencies. […] Bill Toulas
-
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
In cybercrime markets, trust isn’t assumed, it’s verified. Flare reveals how underground guides teach actors to evaluate carding shops based on data quality, reputation, and survivability. […] Sponsored by Flare
-
Webinar: From phishing to fallout — Why MSPs must rethink both security and recovery
Cyberattacks are evolving faster than many MSP and corporate defenses can keep up, with phishing driving much of today’s cybercrime. Join our upcoming webinar to learn how to combine security and recovery strategies to reduce risk and maintain business continuity. […]…
-
CISA flags Apache ActiveMQ flaw as actively exploited in attacks
CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this month after going undetected for 13 years. […] Sergiu Gatlan
-
Man gets 30 months for selling thousands of hacked DraftKings accounts
23-year-old Kamerin Stokes of Memphis, Tennessee, was sentenced to 30 months in prison for selling access to tens of thousands of hacked DraftKings accounts. […] Sergiu Gatlan
-
Recently leaked Windows zero-days now exploited in attacks
Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions. […] Sergiu Gatlan
-
Operation PowerOFF identifies 75k DDoS users, takes down 53 domains
The latest wave of “Operation PowerOFF,” on April 13, 2026, targeted the distributed denial-of-service (DDoS) ecosystem and its users across 21 countries. […] Bill Toulas
-
US nationals behind DPRK IT worker ‘laptop farm’ sent to prison
Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country, including many Fortune 500 firms. […] Sergiu Gatlan
-
Critical Nginx UI auth bypass flaw now actively exploited in the wild
A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. […] Bill Toulas
-
New AgingFly malware used in attacks on Ukraine govt, hospitals
A new malware family named ‘AgingFly’ has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger. […] Bill Toulas
-
WordPress plugin suite hacked to push malware to thousands of sites
More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them. […] Bill Toulas
-
Microsoft adds Windows protections for malicious Remote Desktop files
Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default. […] Lawrence Abrams
-
Crypto-exchange Kraken extorted by hackers after insider breach
The Kraken cryptocurrency exchange announced that a cybercrime group is trying to extort the company by threatening to release videos showing internal systems that host client data. […] Bill Toulas