Category: Security
-
Aura confirms data breach exposing 900,000 marketing contacts
Identity protection company Aura has confirmed that an unauthorized party gained access to nearly 900,000 customer records containing names and email addresses. […] Bill Toulas
-
CISA orders feds to patch Zimbra XSS flaw exploited in attacks
CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS). […] Sergiu Gatlan
-
ConnectWise patches new flaw allowing ScreenConnect hijacking
ConnectWise is warning ScreenConnect customers of a cryptographic signature verification vulnerability that could lead to unauthorized access and privilege escalation. […] Bill Toulas
-
Ransomware gang exploits Cisco flaw in zero-day attacks since January
The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco’s Secure Firewall Management Center (FMC) software in zero-day attacks since late January. […] Sergiu Gatlan
-
Marquis: Ransomware gang stole data of 672K people in cyberattack
Marquis, a Texas-based financial services provider, revealed this week that a ransomware gang stole the data of over 670,000 individuals in an August 2025 cyberattack that also disrupted operations at 74 banks across the United States. […] Sergiu Gatlan
-
Apple pushes first Background Security Improvements update to fix WebKit flaw
Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade. […] Lawrence Abrams
-
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. […] Bill Toulas
-
Europe sanctions Chinese and Iranian firms for cyberattacks
The European Union Council has announced sanctions against three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure in the region. […] Bill Toulas
-
Top 5 Things CISOs Need to Do Today to Secure AI Agents
AI agents are autonomous actors with real access to data and systems, not just copilots. Token Security explains why identity-based access control is critical to prevent misuse and data exposure. […] Sponsored by Token Security
-
New font-rendering trick hides malicious commands from AI tools
A new font-rendering attack causes AI assistants to miss malicious commands shown on webpages by hiding them in seemingly harmless HTML. […] Bill Toulas
-
Stryker attack wiped tens of thousands of devices, no malware needed
Last week’s cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices. […] Ionut Ilascu
-
CISA flags Wing FTP Server flaw as actively exploited in attacks
CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks. […] Sergiu Gatlan
-
UK’s Companies House confirms security flaw exposed business data
Companies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on Friday to fix a security flaw that exposed companies’ information since October 2025. […] Sergiu Gatlan
-
Shadow AI is everywhere. Here’s how to find and secure it.
Shadow AI is quietly spreading across SaaS environments as employees adopt new AI tools without IT oversight. Nudge Security explains how security teams can discover AI apps, monitor usage, and govern risky AI activity. […] Sponsored by Nudge Security
-
Betterleaks, a new open-source secrets scanner to replace Gitleaks
A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules. […] Bill Toulas
-
Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
Microsoft has released an out-of-band (OOB) update to fix a security vulnerability affecting Windows 11 Enterprise devices that receive hotpatch updates instead of the regular Patch Tuesday cumulative updates. […] Lawrence Abrams
-
AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code
The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. […] Bill Toulas
-
FBI seeks victims of Steam games used to spread malware
The FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games uploaded to the gaming platform. […] Lawrence Abrams
-
Poland’s nuclear research centre targeted by cyberattack
Poland’s National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact. […] Bill Toulas
-
From VMware to what’s next: Protecting data during hypervisor migration
Hypervisor migrations can introduce hidden risks that threaten data availability and recovery. Acronis explains why verified backups and cross-platform recovery are essential during VMware transitions. […] Sponsored by Acronis
-
Starbucks discloses data breach affecting hundreds of employees
Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts. […] Sergiu Gatlan
-
Google fixes two new Chrome zero-days exploited in attacks
Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. […] Sergiu Gatlan
-
Canadian retail giant Loblaw notifies customers of data breach
Still, out of an abundance of caution, Loblaw says it has automatically logged out all customers from their accounts. Account holders who need to access the company’s digital services will have to log in again. […] Bill Toulas
-
England Hockey investigating ransomware data breach
England Hockey, the governing body for field hockey in England, is investigating a potential data breach after the AiLock ransomware gang listed it as a victim on its data leak site. […] Bill Toulas
-
AI-generated Slopoly malware used in Interlock ransomware attack
A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware attack. […] Bill Toulas
-
WhatsApp introduces parent-managed accounts for pre-teens
WhatsApp has begun rolling out parent-managed accounts for pre-teens, allowing parents and guardians to decide who can contact them and which groups they can join. […] Sergiu Gatlan
-
SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites
An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without authentication. […] Bill Toulas
-
CISA orders feds to patch n8n RCE flaw exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability. […] Sergiu Gatlan
-
Medtech giant Stryker offline after Iran-linked wiper malware attack
Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group. […] Sergiu Gatlan
-
New PhantomRaven NPM attack wave steals dev data via 88 packages
New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. […] Bill Toulas
-
New ‘BlackSanta’ EDR killer spotted targeting HR departments
For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta. […] Bill Toulas
-
New BeatBanker Android malware poses as Starlink app to hijack devices
A new Android malware named BeatBanker can hijack devices and trick users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store. […] Bill Toulas
-
New ‘Zombie ZIP’ technique lets malware slip past security tools
A new technique dubbed “Zombie ZIP” helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products. […] Bill Toulas
-
Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
Today is Microsoft’s March 2026 Patch Tuesday with security updates for 79 flaws, including 2 publicly disclosed zero-day vulnerabilities. […] Lawrence Abrams
-
Microsoft Teams phishing targets employees with A0Backdoor malware
Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. […] Bill Toulas
-
Google: Cloud attacks exploit flaws more than weak credentials
Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days. […] Bill Toulas
-
Dutch govt warns of Signal, WhatsApp account hijacking attacks
Russian state-sponsored hackers have been linked to an ongoing Signal and WhatsApp phishing campaign targeting government officials, military personnel, and journalists to gain access to sensitive messages. […] Lawrence Abrams
-
Ericsson US discloses data breach after service provider hack
Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to an undisclosed number of employees and customers after hacking one of its service providers. […] Sergiu Gatlan
-
Hackers abuse .arpa DNS and ipv6 to evade phishing defenses
Threat actors are abusing the special-use “.arpa” domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email security gateways. […] Lawrence Abrams
-
Termite ransomware breaches linked to ClickFix CastleRAT attacks
Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor. […] Bill Toulas
-
Microsoft: Hackers abusing AI at every stage of cyberattacks
Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale malicious activity, and lower technical barriers across all aspects of a cyberattack. […] Lawrence Abrams
-
Cognizant TriZetto breach exposes health data of 3.4 million patients
TriZetto Provider Solutions, a healthcare IT company that develops software and services used by health insurers and healthcare providers, has suffered a data breach that exposed the sensitive information of over 3.4 million people. […] Bill Toulas
-
CISA warns feds to patch iOS flaws exploited in crypto-theft attacks
CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. […] Sergiu Gatlan
-
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a global leader in applied cybersecurity education, today launched its Enterprise AI Credential Suite, with four new role-based AI certifications debuting alongside Certified CISO v4, an overhauled executive cyber leadership program.…
-
Fake Claude Code install guides push infostealers in InstallFix attacks
Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users to run malicious commands under the pretext of installing legitimate command line interface (CLI) tools. […] Bill Toulas
-
FBI investigates breach of surveillance and wiretap systems
The U.S. Federal Bureau of Investigation (FBI) confirmed on Thursday that it’s investigating a breach that affected systems used to manage surveillance and wiretap warrants. […] Sergiu Gatlan
-
Chinese state hackers target telcos with new malware toolkit
A China-linked advanced persistent threat actor tracked as UAT-9244 has been targeting telecommunication service providers in South America since 2024, compromising Windows, Linux, and network-edge devices. […] Bill Toulas
-
Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware
Fake OpenClaw installers hosted in GitHub repositories and promoted by Microsoft Bing’s AI-enhanced search feature instructed users to run commands that deployed information stealers and proxy malware. […] Bill Toulas
-
Wikipedia hit by self-propagating JavaScript worm that vandalized pages
The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis. […] Lawrence Abrams
-
WordPress membership plugin bug exploited to create admin accounts
Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites. […] Bill Toulas
-
Phobos ransomware admin pleads guilty to wire fraud conspiracy
A Russian national pleaded guilty to a wire fraud conspiracy charge related to his role in administering the Phobos ransomware operation, which breached hundreds of victims worldwide. […] Sergiu Gatlan
-
Bitwarden adds support for passkey login on Windows 11
Bitwarden announced support for logging into Windows 11 devices using passkeys stored in the manager’s vault, enabling phishing-resistant authentication. […] Bill Toulas
-
CISA flags VMware Aria Operations RCE flaw as exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. […] Lawrence Abrams
-
Paint maker giant AkzoNobel confirms cyberattack on U.S. site
The multinational Dutch paint company AkzoNobel has confirmed to BleepingComputer that hackers breached the network of one of its U.S. sites. […] Bill Toulas
-
Microsoft: Hackers abuse OAuth error flows to spread malware
Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. […] Bill Toulas
-
Google Chrome shifts to two-week release cycle for increased stability
Google Chrome will shift from a four-week to a two-week release cycle to roll out new features, bug fixes, and performance improvements more frequently. […] Bill Toulas
-
UH Cancer Center data breach affects nearly 1.2 million people
The University of Hawaii confirmed that a ransomware gang stole the data of nearly 1.2 million individuals in August 2025 after breaching its Cancer Center’s Epidemiology Division. […] Sergiu Gatlan
-
Android gets patches for Qualcomm zero-day exploited in attacks
Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm display component. […] Sergiu Gatlan
-
CyberStrikeAI tool adopted by hackers for AI-powered attacks
Researchers warn that a newly identified open-source AI security testing platform called CyberStrikeAI was used by the same threat actor behind a recent campaign that breached hundreds of Fortinet FortiGate firewalls. […] Lawrence Abrams
-
Fake Google Security site uses PWA app to steal credentials, MFA codes
A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims’ browsers. […] Ionut Ilascu
-
Alabama man pleads guilty to hacking, extorting hundreds of women
A 22-year-old Alabama man pleaded guilty to extortion, cyberstalking, and computer fraud charges after hijacking the social media accounts of hundreds of young women (including minors). […] Sergiu Gatlan
-
ClawJacked attack let malicious websites hijack OpenClaw to steal data
Security researchers have disclosed a high-severity vulnerability dubbed “ClawJacked” in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally running instance and take control over it. […] Lawrence Abrams
-
Samsung TVs to stop collecting Texans’ data without express consent
Samsung and the State of Texas have reached a settlement agreement over the alleged unlawful collection of content-viewing information through its smart TVs. […] Bill Toulas
-
QuickLens Chrome extension steals crypto, shows ClickFix attack
A Chrome extension named “QuickLens – Search Screen with Google Lens” has been removed from the Chrome Web Store after it was compromised to push malware and attempt to steal crypto from thousands of users. […] Lawrence Abrams
-
$4.8M in crypto stolen after Korean tax agency exposes wallet seed
South Korea’s National Tax Service accidentally exposed the mnemonic recovery phrase of a seized cryptocurrency wallet in an official press release, allowing hackers to steal 6.4 billion won ($4.8M) worth in cryptocurrency. […] Bill Toulas
-
Microsoft testing Windows 11 batch file security improvements
Microsoft is rolling out new Windows 11 Insider Preview builds that improve security and performance during batch file or CMD script execution. […] Sergiu Gatlan
-
APT37 hackers use new malware to breach air-gapped networks
North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance. […] Bill Toulas
-
Europol-led crackdown on The Com hackers leads to 30 arrests
A yearlong Europol-coordinated operation dubbed “Project Compass” has led to 30 arrests and 179 suspects being tied to “The Com,” an online cybercrime collective that targets children and teenagers. […] Sergiu Gatlan
-
CISA warns that RESURGE malware can be dormant on Ivanti devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. […] Bill Toulas
-
Third-Party Patching and the Business Footprint We All Share
Everyday tools like PDF readers, email clients, and archive utilities quietly define the real attack surface. Action1 explains how third-party software drift increases exploit risk and why consistent patching reduces exposure across endpoints. […] Sponsored by Action1
-
Previously harmless Google API keys now expose Gemini AI data
Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. […] Bill Toulas
-
Trend Micro warns of critical Apex One code execution flaws
Trend Micro has patched two critical Apex One vulnerabilities that allow attackers to gain remote code execution (RCE) on vulnerable Windows systems. […] Sergiu Gatlan
-
European DIY chain ManoMano data breach impacts 38 million customers
DIY store chain ManoMano is notifying customers of a breach of personal data, which was caused by hackers compromising a third-party service provider. […] Bill Toulas
-
Critical Juniper Networks PTX flaw allows full router takeover
A critical vulnerability in the Junos OS Evolved network operating system running on PTX Series routers from Juniper Networks could allow an unauthenticated attacker to execute code remotely with root privileges. […] Bill Toulas
-
Olympique Marseille confirms ‘attempted’ cyberattack after data leak
French professional football club Olympique de Marseille has confirmed a cyberattack after a threat actor claimed on Monday that it breached the club’s systems earlier this month. […] Sergiu Gatlan
-
Medical device maker UFP Technologies warns of data stolen in cyberattack
American manufacturer of medical devices, UFP Technologies, has disclosed that a cybersecurity incident has compromised its IT systems and data. […] Bill Toulas
-
Fake Next.js job interview tests backdoor developer’s devices
The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, including recruiting coding tests. […] Bill Toulas
-
Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023
Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was actively exploited in zero-day attacks that allowed remote attackers to compromise controllers and add malicious rogue peers to targeted networks. […] Lawrence Abrams
-
Chinese cyberspies breached dozens of telecom firms, govt agencies
Google’s Threat Intelligence Group (GTIG), Mandiant, and partners disrupted a global espionage campaign attributed to a suspected Chinese threat actor that used SaaS API calls to hide malicious traffic in attacks targeting telecom and government networks. […] Bill Toulas
-
Marquis sues SonicWall over backup breach that led to ransomware attack
Marquis Software Solutions has filed a lawsuit against SonicWall, accusing the cybersecurity company of gross negligence and misrepresentation that allegedly led to a ransomware attack disrupting operations at 74 U.S. banks. […] Bill Toulas
-
Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker
The former head of Trenchant, a specialized U.S. defense contractor unit, was sentenced Tuesday to more than seven years in federal prison for stealing and selling zero-day exploits to a Russian exploit broker whose clients include the Russian government. […] Sergiu Gatlan
-
Phishing campaign targets freight and logistics orgs in the US, Europe
A financially motivated threat group dubbed “Diesel Vortex” is stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks using 52 domains. […] Bill Toulas
-
Wynn Resorts confirms employee data breach after extortion threat
Wynn Resorts has confirmed that a hacker stole employee data from its systems after the company was listed on the ShinyHunters extortion gang’s data leak site. […] Lawrence Abrams
-
1Campaign platform helps malicious Google ads evade detection
A newly identified cybercrime service known as 1Campaign is enabling threat actors to run malicious Google Ads that remain online for extended periods while evading scrutiny from security researchers. […] Bill Toulas
-
Android mental health apps with 14.7M installs filled with security flaws
Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users’ sensitive medical information. […] Ionut Ilascu
-
Spain arrests suspected hacktivists for DDoSing govt sites
Spanish authorities have arrested four alleged members of a hacktivist group believed to have carried out cyberattacks targeting government ministries, political parties, and various public institutions. […] Sergiu Gatlan
-
Ad tech firm Optimizely confirms data breach after vishing attack
New York-based ad tech company Optimizely has notified an undisclosed number of customers of a data breach after threat actors compromised some of its systems in a voice phishing attack. […] Sergiu Gatlan
-
When identity isn’t the weak link, access still is
Stolen tokens and compromised devices let attackers reuse trust without breaking authentication. Specops Software explains why identity alone isn’t enough and how continuous device verification strengthens Zero Trust. […] Sponsored by Specops Software
-
Arkanix Stealer pops up as short-lived AI info-stealer experiment
An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment. […] Bill Toulas, bleepingcomputer
-
Predator spyware hooks iOS SpringBoard to hide mic, camera activity
Intellexa’s Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators. […] Bill Toulas, bleepingcomputer
-
Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks
Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. […] Lawrence Abrams, bleepingcomputer
-
Japanese tech giant Advantest hit by ransomware attack
Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data. […] Bill Toulas, bleepingcomputer
-
CISA: BeyondTrust RCE flaw now exploited in ransomware attacks
Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. […] Bill Toulas, bleepingcomputer
-
Data breach at French bank registry impacts 1.2 million accounts
The French Ministry of Finance has published an announcement informing of a cybersecurity incident that has impacted 1.2 million accounts. […] Bill Toulas, bleepingcomputer
-
Why the shift left dream has become a nightmare for security and developers
The “shift left” approach has increased pressure on developers, as speed demands override security checks in modern CI pipelines. Qualys explains how analyzing 34,000 public container images revealed 7.3% were malicious and why security must be enforced at the infrastructure layer by…
-
PayPal discloses data breach that exposed user info for 6 months
PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year. […] Sergiu Gatlan, bleepingcomputer
-
Ukrainian gets 5 years for helping North Koreans infiltrate US firms
A Ukrainian national was sentenced to five years in prison for providing North Korean IT workers with stolen identities that helped them infiltrate U.S. companies. […] Sergiu Gatlan, bleepingcomputer
-
PromptSpy is the first known Android malware to use generative AI at runtime
Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google’s Gemini model to adapt its persistence across different devices. […] Lawrence Abrams, bleepingcomputer
-
Flaw in Grandstream VoIP phones allows stealthy eavesdropping
A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications. […] Bill Toulas, bleepingcomputer
-
Google blocked over 1.75 million Play Store app submissions in 2025
Google says that through 2025, it blocked more than 255,000 Android apps from obtaining excessive access to sensitive user data and rejected over 1.75 million apps from being published on Google Play due to policy violations. […] Bill Toulas, bleepingcomputer