Category: Security
-
Over 100 Chrome Web Store extensions steal user accounts, data
More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud. […] Bill Toulas Go to bleepingcomputer
-
Microsoft releases Windows 10 KB5082200 extended security update
Microsoft has released the Windows 10 KB5082200 extended security update to fix the April 2026 Patch Tuesday vulnerabilities, including 2 zero-days. […] Lawrence Abrams Go to bleepingcomputer
-
McGraw-Hill confirms data breach following extortion threat
Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. […] Bill Toulas Go to bleepingcomputer
-
European Gym giant Basic-Fit data breach affects 1 million members
Dutch fitness giant Basic-Fit announced that hackers breached its systems and gained access to information belonging to a million of its customers. […] Bill Toulas Go to bleepingcomputer
-
Stolen Rockstar Games analytics data leaked by extortion gang
Rockstar Games has suffered a data breach linked to a recent security incident at Anodot, with the ShinyHunters extortion gang now leaking the stolen data on its data leak site. […] Lawrence Abrams Go to bleepingcomputer
-
Critical flaw in wolfSSL library enables forged certificate use
A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. […] Bill Toulas Go to bleepingcomputer
-
FBI takedown of W3LL phishing service leads to developer arrest
The FBI Atlanta Field Office and Indonesian authorities have dismantled the “W3LL” global phishing platform, seizing infrastructure and arresting the alleged developer in what is described as the first coordinated enforcement action between the United States and Indonesia targeting a phishing kit developer. […] Lawrence Abrams…
-
OpenAI rotates macOS certs after Axios attack hit code-signing workflow
OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. […] Lawrence Abrams Go to bleepingcomputer
-
Critical Marimo pre-auth RCE flaw now under active exploitation
A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged for credential theft. […] Bill Toulas Go to bleepingcomputer
-
Over 20,000 crypto fraud victims identified in international crackdown
An international law enforcement action led by the U.K.’s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United States. […] Sergiu Gatlan Go to bleepingcomputer
-
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. […] Sergiu Gatlan Go to bleepingcomputer
-
Analysis of one billion CISA KEV remediation records exposes limits of human-scale security
Analysis of 1 billion CISA KEV remediation records reveals a breaking point for human-scale security. Qualys shows most critical flaws are exploited before defenders can patch them. […] Sponsored by Qualys Go to bleepingcomputer
-
CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. […] Bill Toulas Go to bleepingcomputer
-
Microsoft: Canadian employees targeted in payroll pirate attacks
A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees’ salary payments after hijacking their accounts in payroll pirate attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. […] Bill Toulas Go to bleepingcomputer
-
New VENOM phishing attacks steal senior executives’ Microsoft logins
Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called “VENOM” are targeting credentials of C-suite executives across multiple industries. […] Bill Toulas Go to bleepingcomputer
-
Healthcare IT solutions provider ChipSoft hit by ransomware attack
Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers. […] Bill Toulas Go to bleepingcomputer
-
Google Chrome adds infostealer protection against session cookie theft
Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies. […] Ionut Ilascu Go to bleepingcomputer
-
Smart Slider updates hijacked to push malicious WordPress, Joomla versions
Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. […] Bill Toulas Go to bleepingcomputer
-
Hackers exploiting Acrobat Reader zero-day flaw since December
Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. […] Sergiu Gatlan Go to bleepingcomputer
-
Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot
Bitcoin Depot, which operates one of the largest Bitcoin ATM networks, says attackers stole $3.665 million worth of Bitcoin from its crypto wallets after breaching its systems last month. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft suspends dev accounts for high-profile open source projects
Microsoft has suspended developer accounts used to maintain multiple high-profile open-source projects without proper notification and no way to quickly reinstate them, effectively blocking them from publishing new software builds and security patches for Windows users. […] Sergiu Gatlan Go to bleepingcomputer
-
Hackers use pixel-large SVG trick to hide credit card stealer
A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. […] Bill Toulas Go to bleepingcomputer
-
Google: New UNC6783 hackers steal corporate Zendesk support tickets
A threat actor tracked as UNC6783 is compromising business process outsourcing (BPO) providers to gain access to high-value companies across multiple sectors. […] Bill Toulas Go to bleepingcomputer
-
Hackers exploit critical flaw in Ninja Forms WordPress plugin
A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. […] Bill Toulas Go to bleepingcomputer
-
FBI: Americans lost a record $21 billion to cybercrime last year
U.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says. […] Bill Toulas Go to bleepingcomputer
-
Snowflake customers hit in data theft attacks after SaaS integrator breach
Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. […] Lawrence Abrams Go to bleepingcomputer
-
US warns of Iranian hackers targeting critical infrastructure
Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. […] Sergiu Gatlan Go to bleepingcomputer
-
German authorities identify REvil and GandCrab ransomware bosses
The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. […] Bill Toulas Go to bleepingcomputer
-
New GPUBreach attack enables system takeover via GPU rowhammer
A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. […] Bill Toulas Go to bleepingcomputer
-
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. […] Bill Toulas Go to bleepingcomputer
-
Traffic violation scams switch to QR codes in new phishing texts
Scammers are sending fake “Notice of Default” traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. […] Lawrence Abrams Go…
-
New FortiClient EMS flaw exploited in attacks, emergency patch released
Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. […] Lawrence Abrams Go to bleepingcomputer
-
Hackers exploit React2Shell in automated credential theft campaign
Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. […] Bill Toulas Go to bleepingcomputer
-
Axios npm hack used fake Teams error fix to hijack maintainer account
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean threat actors. […] Lawrence Abrams Go to bleepingcomputer
-
Device code phishing attacks surge 37x as new kits spread online
Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. […] Bill Toulas Go to bleepingcomputer
-
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
A new report dubbed “BrowserGate” warns that Microsoft’s LinkedIn is using hidden JavaScript scripts on its website to scan visitors’ browsers for installed extensions and collect device data. […] Lawrence Abrams Go to bleepingcomputer
-
Hims & Hers warns of data breach after Zendesk support ticket breach
Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. […] Bill Toulas Go to bleepingcomputer
-
Die Linke German political party confirms data stolen by Qilin ransomware
The Qilin ransomware group has claimed responsibility for an attack against Die Linke (‘The Left’), forcing an IT systems outage at the political party and threatening to leak sensitive data. […] Bill Toulas Go to bleepingcomputer
-
Evolution of Ransomware: Multi-Extortion Ransomware Attacks
Multi-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.AMO platform keeps exfiltrated files encrypted and useless to attackers. […] Sponsored by Penta Security Go to bleepingcomputer
-
Man admits to locking thousands of Windows devices in extortion plot
A former core infrastructure engineer has pleaded guilty to locking Windows admins out of 254 servers as part of a failed extortion plot targeting his employer, an industrial company headquartered in Somerset County, New Jersey. […] Sergiu Gatlan Go to bleepingcomputer
-
CERT-EU: European Commission hack exposes data of 30 EU entities
The European Union’s Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other Union entities. […] Sergiu Gatlan Go to bleepingcomputer
-
Claude Code leak used to push infostealer malware on GitHub
Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. […] Bill Toulas Go to bleepingcomputer
-
Drift loses $280 million as North Korean hackers seize Security Council powers
The Drift Protocol lost at least $280 million after a threat actor took control of its Security Council administrative powers in a planned, sophisticated operation. […] Bill Toulas Go to bleepingcomputer
-
Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability. […] Sergiu Gatlan Go to bleepingcomputer
-
New CrystalRAT malware adds RAT, stealer and prankware features
A new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilities. […] Bill Toulas Go to bleepingcomputer
-
Apple expands iOS 18 updates to more iPhones to block DarkSword attacks
Apple has now made it possible for more iPhones still running iOS 18 to receive security updates that protect against the actively exploited DarkSword exploit kit. […] Lawrence Abrams Go to bleepingcomputer
-
Hackers exploit TrueConf zero-day to push malicious software updates
Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints. […] Bill Toulas Go to bleepingcomputer
-
Google Drive ransomware detection now on by default for paying users
Google announced that the AI-powered Google Drive ransomware detection feature has reached general availability and is now enabled by default for all paying users. […] Sergiu Gatlan Go to bleepingcomputer
-
Claude Code source code accidentally leaked in NPM package
Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed. […] Mayank Parmar Go to bleepingcomputer
-
Proton launches new “Meet” privacy-focused conferencing platform
Proton has announced a new video conferencing service named Meet and positioned it as a privacy-focused alternative to mainstream services like Google Meet, Zoom, and Microsoft Teams. […] Bill Toulas Go to bleepingcomputer
-
Hacker charged with stealing $53 million from Uranium crypto exchange
U.S. prosecutors have charged a Maryland man with stealing more than $53 million after hacking the Uranium Finance crypto exchange twice and laundering the proceeds through a cryptocurrency mixer. […] Sergiu Gatlan Go to bleepingcomputer
-
Dutch Finance Ministry takes treasury banking portal offline after breach
The Dutch Ministry of Finance took some of its systems offline, including the digital portal for treasury banking, while investigating a cyberattack detected two weeks ago. […] Sergiu Gatlan Go to bleepingcomputer
-
CISA orders feds to patch actively exploited Citrix flaw by Thursday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their Citrix NetScaler appliances against an actively exploited vulnerability by Thursday. […] Sergiu Gatlan Go to bleepingcomputer
-
Healthcare tech firm CareCloud says hackers stole patient data
Healthcare IT firm CareCloud has disclosed a data breach incident that exposed sensitive data and caused a network disruption lasting approximately eight hours. […] Bill Toulas Go to bleepingcomputer
-
New RoadK1ll WebSocket implant used to pivot on breached networks
A newly identified malicious implant named RoadK1ll is enabling threat actors to quietly move from a compromised host to other systems on the network. […] Bill Toulas Go to bleepingcomputer
-
Critical Fortinet Forticlient EMS flaw now exploited in attacks
Attackers are now actively exploiting a critical vulnerability in Fortinet’s FortiClient EMS platform, according to threat intelligence company Defused. […] Sergiu Gatlan Go to bleepingcomputer
-
European Commission confirms data breach after Europa.eu hack
The European Commission has confirmed a data breach after its Europa.eu web platform was hacked in a cyberattack claimed by the ShinyHunters extortion gang. […] Sergiu Gatlan Go to bleepingcomputer
-
FBI confirms hack of Director Patel’s personal email inbox
The Handala hackers associated with Iran have breached the personal email account of FBI Director Kash Patel and published photos and documents. […] Ionut Ilascu Go to bleepingcomputer
-
File read flaw in Smart Slider plugin impacts 500K WordPress sites
A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server. […] Bill Toulas Go to bleepingcomputer
-
New Infinity Stealer malware grabs macOS data via ClickFix lures
A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. […] Bill Toulas Go to bleepingcomputer
-
Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. […] Bill Toulas Go to bleepingcomputer
-
Fake VS Code alerts on GitHub spread malware to developers
A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. […] Bill Toulas Go to bleepingcomputer
-
Agentic GRC: Teams Get the Tech. The Mindset Shift Is What’s Missing.
Agentic GRC automates workflows, forcing teams to rethink their role beyond operations. Anecdotes explains why the biggest challenge is shifting from execution to risk leadership. […] Sponsored by Anecdotes Go to bleepingcomputer
-
European Commission investigating breach after Amazon cloud account hack
The European Commission, the European Union’s main executive body, is investigating a security breach after a threat actor gained access to the Commission’s Amazon cloud environment. […] Sergiu Gatlan Go to bleepingcomputer
-
Anti-piracy coalition takes down AnimePlay app with 5 million users
The Alliance for Creativity and Entertainment (ACE) announced the shutdown of AnimePlay, a major anime streaming platform with over 5 million users. […] Sergiu Gatlan Go to bleepingcomputer
-
Dutch Police discloses security breach after phishing attack
The Dutch National Police (Politie) says a security breach resulting from a successful phishing attack has had a limited impact and hasn’t affected citizens’ data. […] Sergiu Gatlan Go to bleepingcomputer
-
Ajax football club hack exposed fan data, enabled ticket hijack
Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people. […] Bill Toulas Go to bleepingcomputer
-
CISA: New Langflow flaw actively exploited to hijack AI workflows
The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. […] Bill Toulas Go to bleepingcomputer
-
UK sanctions Xinbi marketplace linked to Asian scam centers
The United Kingdom’s Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language cryptocurrency-based online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia. […] Sergiu Gatlan Go to bleepingcomputer
-
GitHub adds AI-powered bug detection to expand security coverage
GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks. […] Bill Toulas Go to bleepingcomputer
-
PolyShell attacks target 56% of all vulnerable Magento stores
Attacks leveraging the ‘PolyShell’ vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are underway, targeting more than half of all vulnerable stores. […] Bill Toulas Go to bleepingcomputer
-
Bubble AI app builder abused to steal Microsoft account credentials
Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. […] Bill Toulas Go to bleepingcomputer
-
New Torg Grabber infostealer malware targets 728 crypto wallets
A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets. […] Bill Toulas Go to bleepingcomputer
-
Citrix urges admins to patch NetScaler flaws as soon as possible
Citrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years. […] Sergiu Gatlan Go to bleepingcomputer
-
Manager of botnet used in ransomware attacks gets 2 years in prison
A Russian national has been sentenced to two years in prison after admitting that the phishing botnet he managed was used to launch BitPaymer ransomware attacks against 72 U.S. companies. […] Sergiu Gatlan Go to bleepingcomputer
-
PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug
PTC Inc. is warning of a critical vulnerability in Windchill and FlexPLM, widely used product lifecycle management (PLM) solutions, that could allow remote code execution. […] Bill Toulas Go to bleepingcomputer
-
Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens
The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular “LiteLLM” Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. […] Lawrence Abrams Go to bleepingcomputer
-
FCC bans new routers made outside the USA over security risks
The Federal Communications Commission has updated its Covered List to include all consumer routers made in foreign countries, banning the sale of new models in the U.S. […] Bill Toulas Go to bleepingcomputer
-
Firefox now has a free built-in VPN with 50GB monthly data limit
Mozilla released Firefox 149 with added privacy protection through a built-in VPN tool offering up to 50GB of monthly traffic. […] Bill Toulas Go to bleepingcomputer
-
Mazda discloses security breach exposing employee and partner data
Mazda Motor Corporation (Mazda) announced that information belonging to its employees and business partners had been exposed in a security incident detected last December. […] Bill Toulas Go to bleepingcomputer
-
Tycoon2FA phishing platform returns after recent police disruption
The Tycoon2FA phishing-as-a-service (PhaaS) platform that Europol and partners disrupted on March 4 has already returned to previously observed activity levels. […] Bill Toulas Go to bleepingcomputer
-
TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects systems configured for Iran. […] Bill Toulas Go to bleepingcomputer
-
Crunchyroll probes breach after hacker claims to steal 6.8M users’ data
Popular anime streaming platform Crunchyroll is investigating a breach after hackers claimed to have stolen personal information for approximately 6.8 million people. […] Lawrence Abrams Go to bleepingcomputer
-
FBI warns of Handala hackers using Telegram in malware attacks
The U.S. Federal Bureau of Investigation (FBI) warned network defenders that Iranian hackers linked to the country’s Ministry of Intelligence and Security (MOIS) are using Telegram in malware attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
CISA orders feds to patch DarkSword iOS flaws exploited in attacks
CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit. […] Sergiu Gatlan Go to bleepingcomputer
-
VoidStealer malware steals Chrome master key via debugger trick
An information stealer called VoidStealer uses a new approach to bypass Chrome’s Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser. […] Bill Toulas Go to bleepingcomputer
-
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions. […] Lawrence Abrams Go to bleepingcomputer
-
Google adds ‘Advanced Flow’ for safe APK sideloading on Android
Google has announced a new mechanism in Android called Advanced Flow that will allow sideloading APKs from unverified developers for power users in a more secure way. […] Bill Toulas Go to bleepingcomputer
-
Microsoft Azure Monitor alerts abused for callback phishing attacks
Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized charges on your account. […] Lawrence Abrams Go to bleepingcomputer
-
FBI links Signal phishing attacks to Russian intelligence services
The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts. […] Lawrence Abrams Go to bleepingcomputer
-
Oracle pushes emergency fix for critical Identity Manager RCE flaw
Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992. […] Lawrence Abrams Go to bleepingcomputer
-
Police take down 373,000 fake CSAM sites in Operation Alice
An international law enforcement action called Operation Alice has shut down over 373,000 dark web sites that offered fake CSAM packages. […] Bill Toulas Go to bleepingcomputer
-
CISA orders feds to patch max-severity Cisco flaw by Sunday
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22. […] Bill Toulas Go to bleepingcomputer
-
How CISOs Can Survive the Era of Geopolitical Cyberattacks
Geopolitical tensions are driving destructive cyberattacks designed to disrupt operations, not demand ransom. CISOs must limit lateral movement and contain breaches to reduce the impact of wiper campaigns. […] Sponsored by Zero Networks Go to bleepingcomputer
-
Musician admits to $10M streaming royalty fraud using AI bots
North Carolina musician Michael Smith has pleaded guilty to collecting over $10 million in royalty payments through a massive streaming royalty fraud scheme on Spotify, Apple Music, Amazon Music, and YouTube Music. […] Sergiu Gatlan Go to bleepingcomputer
-
International joint action disrupts world’s largest DDoS botnets
Authorities from the United States, Germany, and Canada have taken down Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad botnets to infect Internet of Things (IoT) devices. […] Sergiu Gatlan Go to bleepingcomputer
-
Ex-data analyst stole company data in $2.5M extortion scheme
A North Carolina man was found guilty of extorting a D.C.-based technology company while still being employed as a data analyst contractor. […] Sergiu Gatlan Go to bleepingcomputer
-
Navia discloses data breach impacting 2.7 million people
Navia Benefit Solutions, Inc. (Navia) is informing nearly 2.7 million individuals of a data breach that exposed their sensitive information to attackers. […] Bill Toulas Go to bleepingcomputer