Category: Security
-
Chainlit AI framework bugs let hackers breach cloud environments
Two high-severity vulnerabilities in Chainlit, a popular open-source framework for building conversational AI applications, allow reading any file on the server and leak sensitive information. […] Bill Toulas Go to bleepingcomputer
-
Cisco fixes Unified Communications RCE zero day exploited in attacks
Cisco has fixed a critical Unified Communications and Webex Calling remote code execution vulnerability, tracked as CVE-2026-20045, that has been actively exploited as a zero-day in attacks. […] Lawrence Abrams
-
New Android malware uses AI to click on hidden browser ads
A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact with specific advertisement elements. […] Bill Toulas
-
Online retailer PcComponentes says data breach claims are fake
PcComponentes, a major technology retailer in Spain, has denied claims of a data breach on its systems impacting 16 million customers, but confirmed it suffered a credential stuffing attack. […] Bill Toulas
-
ACF plugin bug gives hackers admin on 50,000 WordPress sites
A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be exploited remotely by unauthenticated attackers to obtain administrative permissions. […] Bill Toulas
-
VoidLink cloud malware shows clear signs of being AI-generated
The recently discovered cloud-focused VoidLink malware framework is believed to have been developed by a single person with the help of an artificial intelligence model. […] Bill Toulas
-
Fake ad blocker extension crashes the browser for ClickFix attacks
A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the browser in preparation for ClickFix attacks. […] Bill Toulas
-
New PDFSider Windows malware deployed on Fortune 100 firm’s network
Ransomware attackers targeting a Fortune 100 company in the finance sector used a new malware strain, dubbed PDFSider, to deliver malicious payloads on Windows systems. […] Bill Toulas
-
UK govt. warns about ongoing Russian hacktivist group attacks
The U.K. government is warning of continued malicious activity from Russian-aligned hacktivist groups targeting critical infrastructure and local government organizations in the country in disruptive denial-of-service (DDoS) attacks. […] Bill Toulas
-
CIRO confirms data breach exposed info on 750,000 Canadian investors
The Canadian Investment Regulatory Organization (CIRO) confirmed that the data breach it suffered last year impacts about 750,000 Canadian investors. […] Bill Toulas
-
Credential-stealing Chrome extensions target enterprise HR platforms
Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP platforms were discovered stealing authentication credentials or blocking management pages used to respond to security incidents. […] Lawrence Abrams
-
Malicious GhostPoster browser extensions found with 840,000 installs
Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations. […] Bill Toulas
-
StealC hackers hacked as researchers hijack malware control panels
A cross-site scripting (XSS) flaw in the web-based control panel used by operators of the StealC info-stealing malware allowed researchers to observe active sessions and gather intelligence on the attackers’ hardware. […] Bill Toulas
-
Black Basta boss makes it onto Interpol’s ‘Red Notice’ list
The identity of the Black Basta ransomware gang leader has been confirmed by law enforcement in Ukraine and Germany, and the individual has been added to the wanted list of Europol and Interpol. […] Bill Toulas
-
China-linked hackers exploited Sitecore zero-day for initial access
An advanced threat actor tracked as UAT-8837 and believed to be linked to China has been focusing on critical infrastructure systems in North America, gaining access by exploiting both known and zero-day vulnerabilities. […] Bill Toulas
-
Cisco finally fixes AsyncOS zero-day exploited since November
Cisco finally patched a maximum-severity AsyncOS zero-day exploited in attacks targeting Secure Email Gateway (SEG) appliances since November 2025. […] Sergiu Gatlan
-
Microsoft: Some Windows PCs fail to shut down after January update
Microsoft has confirmed a new issue that prevents Windows 11 23H2 devices with System Guard Secure Launch enabled from shutting down. […] Sergiu Gatlan
-
Gootloader now uses 1,000-part ZIP archives for stealthy delivery
The Gootloader malware, typically used for initial access, is now using a malformed ZIP archive designed to evade detection by concatenating up to 1,000 archives. […] Bill Toulas
-
FTC bans GM from selling drivers’ location data for five years
The FTC has finalized an order with General Motors, settling charges that it collected and sold the location and driving data of millions of drivers without consent. […] Sergiu Gatlan
-
Palo Alto Networks warns of DoS bug letting hackers disable firewalls
Palo Alto Networks patched a high-severity vulnerability that could allow unauthenticated attackers to disable firewall protections in denial-of-service (DoS) attacks. […] Sergiu Gatlan
-
Microsoft disrupts massive RedVDS cybercrime virtual desktop service
Microsoft announced on Wednesday that it disrupted RedVDS, a massive cybercrime platform linked to at least $40 million in reported losses in the United States alone since March 2025. […] Sergiu Gatlan
-
Monroe University says 2024 data breach affects 320,000 people
Monroe University revealed that threat actors stole the personal, financial, and health information of over 320,000 people after breaching its systems in a December 2024 cyberattack. […] Sergiu Gatlan
-
Ukraine’s army targeted in new charity-themed malware campaign
Officials of Ukraine’s Defense Forces were targeted in a charity-themed campaign between October and December 2025 that delivered backdoor malware called PluggyApe. […] Bill Toulas
-
New VoidLink malware framework targets Linux cloud servers
A newly discovered advanced cloud-native Linux malware framework named VoidLink focuses on cloud environments, providing attackers with custom loaders, implants, rootkits, and plugins designed for modern infrastructures. […] Bill Toulas
-
Central Maine Healthcare breach exposed data of over 145,000 people
A data breach last year at Central Maine Healthcare (CMH) exposed sensitive information of more than 145,000 individuals. […] Bill Toulas
-
Hacker gets seven years for breaching Rotterdam and Antwerp ports
The Amsterdam Court of Appeal sentenced a 44-year-old Dutch national to seven years in prison for multiple crimes, including computer hacking and attempted extortion. […] Bill Toulas
-
Facebook login thieves now using browser-in-browser trick
Over the past six months, hackers have relied increasingly on the browser-in-the-browser (BitB) method to trick users into providing Facebook account credentials. […] Bill Toulas
-
CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks
CISA has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day attacks. […] Sergiu Gatlan
-
‘Bad actor’ hijacks Apex Legends characters in live matches
Apex Legends players over the weekend experienced disruptions during live matches as threat actors hijacked their characters, disconnected them, and changed their nicknames. […] Bill Toulas
-
University of Hawaii Cancer Center hit by ransomware attack
University of Hawaii says a ransomware gang breached its Cancer Center in August 2025, stealing data of study participants, including documents from the 1990s containing Social Security numbers. […] Sergiu Gatlan
-
Instagram denies breach amid claims of 17 million account data leak
Instagram says it fixed a bug that allowed threat actors to mass-request password reset emails, amid claims that data from more than 17 million Instagram accounts was scraped and leaked online. […] Lawrence Abrams
-
BreachForums hacking forum database leaked, exposing 324,000 accounts
The latest incarnation of the notorious BreachForums hacking forum has suffered a data breach, with its user database table leaked online. […] Lawrence Abrams
-
Spain arrests 34 suspects linked to Black Axe cyber crime
Authorities in Spain have arrested 34 individuals allegedly part of a criminal network involved in cyber fraud and believed to be connected to the Black Axe group responsible for illicit activities across Europe. […] Bill Toulas
-
Ireland recalls almost 13,000 passports over missing ‘IRL’ code
Ireland’s Department of Foreign Affairs has recalled nearly 13,000 passports after a software update caused a printing defect. The printing error makes the documents non-compliant with international travel standards and potentially unreadable at automated border gates. […] Ax Sharma
-
Hackers target misconfigured proxies to access paid LLM services
Threat actors are systematically hunting for misconfigured proxy servers that could provide access to commercial large language model (LLM) services. […] Bill Toulas
-
Illinois Department of Human Services data breach affects 700K people
The Illinois Department of Human Services (IDHS), one of Illinois’ largest state agencies, accidentally exposed the personal and health data of nearly 700,000 residents due to incorrect privacy settings. […] Sergiu Gatlan
-
CISA retires 10 emergency cyber orders in rare bulk closure
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has retired 10 Emergency Directives issued between 2019 and 2024, saying that the required actions have been completed or are now covered by Binding Operational Directive 22-01. […] Lawrence Abrams
-
FBI warns about Kimsuky hackers using QR codes to phish U.S. orgs
The North Korean state-sponsored hacker group Kimsuky is using malicious QR codes in spearphishing campaigns that target U.S. organizations, the Federal Bureau of Investigation warns in a flash alert. […] Bill Toulas
-
New China-linked hackers breach telcos using edge device exploits
A sophisticated threat actor that uses Linux-based malware to target telecommunications providers has recently broadened its operations to include organizations in Southeastern Europe. […] Bill Toulas
-
Cisco warns of Identity Service Engine flaw with exploit code
Cisco has patched an ISE vulnerability with public proof-of-concept exploit code that can be abused by attackers with admin privileges. […] Sergiu Gatlan
-
CISA tags max severity HPE OneView flaw as actively exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a maximum-severity HPE OneView vulnerability as actively exploited in attacks. […] Sergiu Gatlan
-
New GoBruteforcer attack wave targets crypto, blockchain projects
A new wave of GoBruteforcer botnet malware attacks is targeting databases of cryptocurrency and blockchain projects on exposed servers believed to be configured using AI-generated examples. […] Bill Toulas
-
Critical jsPDF flaw lets hackers steal secrets via generated PDFs
The jsPDF library for generating PDF documents in JavaScript applications is affected by a critical vulnerability that allows an attacker to steal sensitive data from the local filesystem by including it in generated files. […] Bill Toulas
-
Taiwan says China’s attacks on its energy sector increased tenfold
The National Security Bureau in Taiwan says that China’s attacks on the country’s energy sector increased tenfold in 2025 compared to the previous year. […] Bill Toulas
-
New D-Link flaw in legacy DSL routers actively exploited in attacks
Threat actors are exploiting a recently discovered command injection vulnerability that affects multiple D-Link DSL gateway routers that went out of support years ago. […] Bill Toulas
-
Kimwolf Android botnet abuses residential proxies to infect internal devices
The Kimwolf botnet, an Android variant of the Aisuru malware, has grown to more than two million hosts, most of them infected by exploiting vulnerabilities in residential proxy networks to target devices on internal networks. […] Bill Toulas
-
Cloud file-sharing sites targeted for corporate data theft attacks
A threat actor known as Zestix has been offering corporate data stolen from dozens of companies, likely after breaching their ShareFile, Nextcloud, and OwnCloud instances. […] Bill Toulas
-
ClickFix attack uses fake Windows BSOD screens to push malware
A new ClickFix social engineering campaign is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into manually compiling and executing malware on their systems. […] Bill Toulas
-
VSCode IDE forks expose users to “recommended extension” attacks
Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, recommend extensions that are non-existent in the OpenVSX registry, allowing threat actors to claim the namespace and upload malicious extensions. […] Bill Toulas
-
US broadband provider Brightspeed investigates breach claims
Brightspeed, one of the largest fiber broadband companies in the United States, is investigating security breach and data theft claims made by the Crimson Collective extortion gang. […] Sergiu Gatlan
-
Ledger customers impacted by third-party Global-e data breach
Ledger is informing some customers that their personal data has been exposed after hackers breached the systems of third-party payment processor Global-e. […] Bill Toulas
-
Hackers claim to hack Resecurity, firm says it was a honeypot
The ShinyHunters hacking group claims it breached the systems of cybersecurity firm Resecurity and stole internal data, while Resecurity says the attackers only accessed a deliberately deployed honeypot containing fake information used to monitor their activity. […] Lawrence Abrams
-
Covenant Health says May data breach impacted nearly 478,000 patients
The Covenant Health organization has revised to nearly 500,000 the number of individuals affected by a data breach discovered last May. […] Ionut Ilascu
-
Cryptocurrency theft attacks traced to 2022 LastPass breach
Blockchain investigation firm TRM Labs says ongoing cryptocurrency thefts have been traced to the 2022 LastPass breach, with attackers draining wallets years after encrypted vaults were stolen and laundering the crypto through Russian exchanges. […] Lawrence Abrams
-
Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
Over 10,000 Internet-exposed Fortinet firewalls are still vulnerable to attacks exploiting a five-year-old two-factor authentication (2FA) bypass vulnerability. […] Sergiu Gatlan
-
Trust Wallet links $8.5 million crypto theft to Shai-Hulud NPM attack
Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an “industry-wide” Sha1-Hulud attack in November. […] Sergiu Gatlan
-
The biggest cybersecurity and cyberattack stories of 2025
2025 was a big year for cybersecurity, with cyberattacks, data breaches, threat groups reaching new notoriety levels, and, of course, zero-day flaws exploited in breaches. Some stories, though, were more impactful or popular with our readers than others. This article explores 15 of the biggest cybersecurity stories…
-
New GlassWorm malware wave targets Macs with trojanized crypto wallets
A fourth wave of the “GlassWorm” campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications. […] Bill Toulas
-
NYC mayoral inauguration bans Flipper Zero, Raspberry Pi devices
New York City’s 2026 mayoral inauguration of Zohran Mamdani has published a list of banned items for the event, specifically prohibiting the Flipper Zero and Raspberry Pi devices. […] Lawrence Abrams
-
Hackers drain $3.9M from Unleash Protocol after multisig hijack
The decentralized intellectual property platform Unleash Protocol has lost around $3.9 million worth of cryptocurrency after someone executed an unauthorized contract upgrade that allowed asset withdrawals. […] Bill Toulas
-
RondoDox botnet exploits React2Shell flaw to breach Next.js servers
The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. […] Bill Toulas
-
IBM warns of critical API Connect auth bypass vulnerability
IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. […] Sergiu Gatlan
-
Disney will pay $10 million to settle children’s data privacy lawsuit
Disney has agreed to pay a $10 million civil penalty to settle claims that it violated the Children’s Online Privacy Protection Act by mislabeling videos and allowing data collection for targeted advertising. […] Sergiu Gatlan
-
New ErrTraffic service enables ClickFix attacks via fake browser glitches
A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating ‘fake glitches’ on compromised websites to lure users into downloading payloads or following malicious instructions. […] Bill Toulas
-
European Space Agency confirms breach of “external servers”
The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network, which contained what it described as “unclassified” information on collaborative engineering activities. […] Sergiu Gatlan
-
Zoom Stealer browser extensions harvest corporate meeting intelligence
A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like URLs, IDs, topics, descriptions, and embedded passwords. […] Bill Toulas
-
US cybersecurity experts plead guilty to BlackCat ransomware attacks
Two former employees of cybersecurity incident response companies Sygnia and DigitalMint have pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. […] Sergiu Gatlan
-
Chinese state hackers use rootkit to hide ToneShell malware activity
A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations. […] Bill Toulas
-
Coupang to split $1.17 billion among 33.7 million data breach victims
Coupang, the largest retailer in South Korea, announced $1.17 billion (1.685 trillion Won) total compensation for the 33.7 million customers whose information was exposed in the data breach discovered last month. […] Bill Toulas
-
Hacker arrested for KMSAuto malware campaign with 2.8 million downloads
A Lithuanian national has been arrested for his alleged involvement in infecting 2.8 million systems with clipboard-stealing malware disguised as the KMSAuto tool for illegally activating Windows and Office software. […] Bill Toulas
-
Trust Wallet says 2,596 wallets drained in $7 million crypto theft attack
Trust Wallet says attackers who compromised its browser extension right before Christmas have drained approximately $7 million from nearly 3,000 cryptocurrency wallet addresses. […] Sergiu Gatlan
-
The Real-World Attacks Behind OWASP Agentic AI Top 10
OWASP’s new Agentic AI Top 10 highlights real-world attacks already targeting autonomous AI systems, from goal hijacking to malicious MCP servers. Koi Security breaks down real-world incidents behind multiple categories, including two cases cited by OWASP, showing how agent tools and runtime behavior are being abused.…
-
Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed
A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over 80,000 potentially vulnerable servers exposed on the public web. […] Ionut Ilascu
-
Hacker claims to leak WIRED database with 2.3 million records
A hacker claims to have breached Condé Nast and leaked an alleged WIRED database containing more than 2.3 million subscriber records, while also warning that they plan to release up to 40 million additional records for other Condé Nast properties. […] Lawrence Abrams
-
Massive Rainbow Six Siege breach gives players billions of credits
Ubisoft’s Rainbow Six Siege (R6) suffered a breach that allowed hackers to abuse internal systems to ban and unban players, manipulate in-game moderation feeds, and grant massive amounts of in-game currency and cosmetic items to accounts worldwide. […] Lawrence Abrams
-
Fake Grubhub emails promise tenfold return on sent cryptocurrency
Grubhub users received fraudulent messages, apparently from a company email address, promising a tenfold bitcoin payout in return for a transfer to a specified wallet. […] Ionut Ilascu
-
Trust Wallet confirms extension hack led to $7 million crypto theft
Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an urgent response from the company and warnings to affected users. Simultaneously, BleepingComputer observed a phishing domain launched by hackers.…
-
Trust Wallet Chrome extension hack tied to millions in losses
Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an urgent response from the company and warnings to affected users. Simultaneously, BleepingComputer observed a phishing domain launched by hackers. […]…
-
Fake MAS Windows activation domain used to spread PowerShell malware
A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the ‘Cosmali Loader’. […] Bill Toulas
-
MongoDB warns admins to patch severe RCE flaw immediately
MongoDB has warned IT admins to immediately patch a high-severity vulnerability that can be exploited in remote code execution (RCE) attacks targeting vulnerable servers. […] Sergiu Gatlan
-
FBI seizes domain storing bank credentials stolen from U.S. victims
The U.S. government has seized the ‘web3adspanels.org’ domain and the associated database used by cybercriminals to host bank login credentials stolen in account takeover attacks. […] Bill Toulas
-
WebRAT malware spread via fake vulnerability exploits on GitHub
The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. […] Bill Toulas
-
Malicious extensions in Chrome Web store steal user credentials
Two Chrome extensions in the Web Store named ‘Phantom Shuttle’ are posing as plugins for a proxy service to hijack user traffic and steal sensitive data. […] Bill Toulas
-
Cyberattack knocks offline France’s postal, banking services
The French national postal service’s online services were knocked offline by “a major network incident” on Monday, disrupting digital banking and other services for millions. […] Sergiu Gatlan
-
Italy fines Apple $116 million over App Store privacy policy issues
Italy’s competition authority (AGCM) has fined Apple €98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. […] Sergiu Gatlan
-
Baker University says 2024 data breach impacts 53,000 people
Baker University has disclosed a data breach after attackers gained access to its network one year ago and stole the personal, health, and financial information of over 53,000 individuals. […] Sergiu Gatlan
-
Nissan says thousands of customers exposed in Red Hat breach
Nissan Motor Co. Ltd. (Nissan) has confirmed that information of thousands of its customers has been compromised after the data breach at Red Hat in September. […] Bill Toulas
-
New MacSync malware dropper evades macOS Gatekeeper checks
The latest variant of the MacSync information stealer targeting macOS systems is delivered through a digitally signed, notarized Swift application. […] Bill Toulas
-
Interpol-led action decrypts 6 ransomware strains, arrests hundreds
An Interpol-coordinated initiative called Operation Sentinel led to the arrest of 574 individuals and the recovery of $3 million linked to business email compromise, extortion, and ransomware incidents. […] Bill Toulas Go to bleepingcomputer
-
Malicious npm package steals WhatsApp accounts and messages
A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account. […] Bill Toulas Go to bleepingcomputer
-
Ukrainian hacker admits affiliate role in Nefilim ransomware gang
A Ukrainian national pleaded guilty on Friday to conducting Nefilim ransomware attacks that targeted high-revenue businesses across the United States and other countries. […] Sergiu Gatlan Go to bleepingcomputer
-
Critical RCE flaw impacts over 115,000 WatchGuard firewalls
Over 115,000 WatchGuard Firebox devices exposed online remain unpatched against a critical remote code execution (RCE) vulnerability actively exploited in attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
Docker Hardened Images now open source and available for free
More than 1,000 Docker Hardened Images (DHI) are now freely available and open source for software builders, under the Apache 2.0 license. […] Bill Toulas Go to bleepingcomputer
-
RansomHouse upgrades encryption with multi-layered data processing
The RansomHouse ransomware-as-a-service (RaaS) has recently upgraded its encryptor, switching from a relatively simple single-phase linear technique to a more complex, multi-layered method. […] Bill Toulas Go to bleepingcomputer
-
Nigeria arrests dev of Microsoft 365 ‘Raccoon0365’ phishing platform
The Nigerian police have arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing-as-a-service. […] Bill Toulas Go to bleepingcomputer
-
Microsoft 365 accounts targeted in wave of OAuth phishing attacks
Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. […] Bill Toulas Go to bleepingcomputer
-
New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock
The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory protections. […] Bill Toulas Go to bleepingcomputer
-
Over 25,000 FortiCloud SSO devices exposed to remote attacks
Internet security watchdog Shadowserver has found over 25,000 Fortinet devices exposed online with FortiCloud SSO enabled, amid ongoing attacks targeting a critical authentication bypass vulnerability. […] Sergiu Gatlan Go to bleepingcomputer
-
University of Sydney suffers data breach exposing student and staff info
Hackers gained access to an online coding repository belonging to the University of Sydney and stole files with personal information of staff and students. […] Bill Toulas Go to bleepingcomputer
-
Clop ransomware targets Gladinet CentreStack in data theft attacks
The Clop ransomware gang is targeting Internet-exposed Gladinet CentreStack file servers in a new data theft extortion campaign. […] Sergiu Gatlan Go to bleepingcomputer