Category: Security
-
New password spraying attacks target Cisco, PAN VPN gateways
An automated campaign is targeting multiple VPN platforms, with credential-based attacks being observed on Palo Alto Networks GlobalProtect and Cisco SSL VPN. […] Bill Toulas Go to bleepingcomputer
-
France arrests suspect tied to cyberattack on Interior Ministry
French authorities arrested a 22-year-old suspect on Tuesday for a cyberattack that targeted France’s Ministry of the Interior earlier this month. […] Lawrence Abrams Go to bleepingcomputer
-
Zeroday Cloud hacking event awards $320,000 for 11 zero days
The Zeroday Cloud hacking competition in London has awarded researchers $320,000 for demonstrating critical remote code execution vulnerabilities in components used in cloud infrastructure. […] Bill Toulas Go to bleepingcomputer
-
Amazon: Ongoing cryptomining campaign uses hacked AWS accounts
Amazon’s AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) using compromised credentials for Identity and Access Management (IAM). […] Bill Toulas Go to bleepingcomputer
-
WhatsApp device linking abused in account hijacking attacks
Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing. […] Bill Toulas Go to bleepingcomputer
-
Cisco warns of unpatched AsyncOS zero-day exploited in attacks
Cisco warned customers today of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. […] Sergiu Gatlan Go to bleepingcomputer
-
Cellik Android malware builds malicious versions from Google Play apps
A new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums offering a robust set of capabilities that include the option to embed it in any app available on the Google Play Store. […] Bill Toulas Go to bleepingcomputer
-
GhostPoster attacks hide malicious JavaScript in Firefox addon logos
A new campaign dubbed ‘GhostPoster’ is hiding JavaScript code in the image logo of malicious Firefox extensions counting more than 50,000 downloads, to monitor browser activity and plant a backdoor. […] Bill Toulas Go to bleepingcomputer
-
Texas sues TV makers for taking screenshots of what people watch
The Texas Attorney General sued five major television manufacturers, accusing them of illegally collecting their users’ data by secretly recording what they watch using Automated Content Recognition (ACR) technology. […] Sergiu Gatlan Go to bleepingcomputer
-
Amazon disrupts Russian GRU hackers attacking edge network devices
The Amazon Threat Intelligence team has disrupted active operations attributed to hackers working for the Russian foreign military intelligence agency, the GRU, who targeted customers’ cloud infrastructure. […] Bill Toulas Go to bleepingcomputer
-
Hackers exploit newly patched Fortinet auth bypass flaws
Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and steal system configuration files. […] Bill Toulas Go to bleepingcomputer
-
SoundCloud confirms breach after member data stolen, VPN access disrupted
Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database exposing users’ email addresses and profile information. […] Lawrence Abrams Go to bleepingcomputer
-
Google is shutting down its dark web report feature in January
Google is discontinuing its “dark web report” security tool, stating that it wants to focus on other tools it believes are more helpful. […] Mayank Parmar Go to bleepingcomputer
-
Askul confirms theft of 740k customer records in ransomware attack
Japanese e-commerce giant Askul Corporation has confirmed that RansomHouse hackers stole around 740,000 customer records in the ransomware attack it suffered in October. […] Bill Toulas Go to bleepingcomputer
-
New SantaStealer malware steals data from browsers, crypto wallets
A new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection. […] Bill Toulas Go to bleepingcomputer
-
PornHub extorted after hackers steal Premium member activity data
Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach. […] Lawrence Abrams Go to bleepingcomputer
-
Beware: PayPal subscriptions abused to send fake purchase emails
An email scam is abusing PayPal’s “Subscriptions” billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field. […] Lawrence Abrams Go to bleepingcomputer
-
CyberVolk’s ransomware debut stumbles on cryptography weakness
The pro-Russia hacktivist group CyberVolk launched a ransomware-as-a-service (RaaS) called VolkLocker that suffered from serious implementation flaws, allowing victims to potentially decrypt files for free. […] Bill Toulas Go to bleepingcomputer
-
Apple fixes two zero-day flaws exploited in ‘sophisticated’ attacks
Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an “extremely sophisticated attack” targeting specific individuals. […] Lawrence Abrams Go to bleepingcomputer
-
Coupang data breach traced to ex-employee who retained system access
A data breach at Coupang that exposed the information of 33.7 million customers has been tied to a former employee who retained access to internal systems after leaving the company. […] Bill Toulas Go to bleepingcomputer
-
Fake ‘One Battle After Another’ torrent hides malware in subtitles
A fake torrent for Leonardo DiCaprio’s ‘One Battle After Another’ hides malicious PowerShell malware loaders inside subtitle files that ultimately infect devices with the Agent Tesla RAT malware. […] Bill Toulas Go to bleepingcomputer
-
Kali Linux 2025.4 released with 3 new tools, desktop updates
Kali Linux has released version 2025.4, its final update of the year, introducing three new hacking tools, desktop environment improvements, the preview of Wifipumpkin3 in NetHunter, and enhanced Wayland support. […] Lawrence Abrams Go to bleepingcomputer
-
Shadow spreadsheets: The security gap your tools can’t see
When official systems can’t support everyday workflows, employees turn to spreadsheets — creating “shadow spreadsheets” that circulate unchecked. Grist shows how these spreadsheets expose sensitive data, create version sprawl, and remove the audit trails security teams depend on. […] Sponsored by Grist Go to bleepingcomputer
-
CISA orders feds to patch actively exploited Geoserver flaw
CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
MITRE shares 2025’s top 25 most dangerous software weaknesses
MITRE has shared this year’s top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. […] Sergiu Gatlan Go to bleepingcomputer
-
MKVCinemas streaming piracy service with 142M visits shuts down
An anti-piracy coalition has dismantled one of India’s most popular streaming piracy services, which has provided free access to movies and TV shows to millions over the past two years. […] Sergiu Gatlan Go to bleepingcomputer
-
Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks
Hackers are exploiting a new, undocumented vulnerability in the implementation of the cryptographic algorithm present in Gladinet’s CentreStack and Triofox products for secure remote file access and sharing. […] Bill Toulas Go to bleepingcomputer
-
Google fixes eighth Chrome zero-day exploited in attacks in 2025
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, marking the eighth such security flaw patched since the start of the year. […] Sergiu Gatlan Go to bleepingcomputer
-
Google ads for shared ChatGPT, Grok guides push macOS infostealer malware
A new AMOS infostealer campaign is abusing Google search ads to lure users into Grok and ChatGPT conversations that appear to offer “helpful” instructions but ultimately lead to installing the AMOS info-stealing malware on macOS. […] Bill Toulas Go to bleepingcomputer
-
New DroidLock malware locks Android devices and demands a ransom
A new Android malware called DroidLock has emerged with capabilities to lock screens for ransom payments, erase data, access text messages, call logs, contacts, and audio data. […] Bill Toulas Go to bleepingcomputer
-
Microsoft Teams to warn of suspicious traffic with external domains
Microsoft is working on a new Teams security feature that will analyze suspicious traffic with external domains to help IT administrators tackle potential security threats. […] Sergiu Gatlan Go to bleepingcomputer
-
Over 10,000 Docker Hub images found leaking credentials, auth keys
More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. […] Bill Toulas Go to bleepingcomputer
-
SAP fixes three critical vulnerabilities across multiple products
SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws. […] Bill Toulas Go to bleepingcomputer
-
Windows PowerShell now warns when running Invoke-WebRequest scripts
Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft releases Windows 10 KB5071546 extended security update
Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws. […] Lawrence Abrams Go to bleepingcomputer
-
Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
Microsoft’s December 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. […] Lawrence Abrams Go to bleepingcomputer
-
Fortinet warns of critical FortiCloud SSO login auth bypass flaws
Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. […] Sergiu Gatlan Go to bleepingcomputer
-
Ransomware gangs turn to Shanya EXE packer to hide EDR killers
Several ransomware groups have been spotted using a packer-as-a-service (PaaS) platform named Shanya to assist in EDR (endpoint detection and response) killing operations. […] Bill Toulas Go to bleepingcomputer
-
Malicious VSCode extensions on Microsoft’s registry drop infostealers
Two malicious extensions on Microsoft’s Visual Studio Code Marketplace infect developers’ machines with information-stealing malware that can take screenshots, steal credentials, and hijack browser sessions. […] Bill Toulas Go to bleepingcomputer
-
FinCEN says ransomware gangs extorted over $2.1B from 2022 to 2024
A new report by the Financial Crimes Enforcement Network (FinCEN) shows that ransomware activity peaked in 2023 before falling in 2024, following a series of law enforcement actions targeting the ALPHV/BlackCat and LockBit ransomware gangs. […] Lawrence Abrams Go to bleepingcomputer
-
Poland arrests Ukrainians utilizing ‘advanced’ hacking equipment
The police in Poland arrested three Ukrainian nationals for allegedly attempting to damage IT systems in the country using hacking equipment and for obtaining “computer data of particular importance to national defense.” […] Bill Toulas Go to bleepingcomputer
-
Google Chrome adds new security layer for Gemini AI agentic browsing
Google Chrome is introducing a new security architecture designed to protect upcoming agentic AI browsing features powered by Gemini. […] Bill Toulas Go to bleepingcomputer
-
Portugal updates cybercrime law to exempt security researchers
Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions. […] Bill Toulas Go to bleepingcomputer
-
React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable
Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors. […] Lawrence Abrams Go to bleepingcomputer
-
New wave of VPN login attempts targets Palo Alto GlobalProtect portals
A campaign has been observed targeting Palo Alto GlobalProtect portals with login attempts and launching scanning activity against SonicWall SonicOS API endpoints. […] Bill Toulas Go to bleepingcomputer
-
Barts Health NHS discloses data breach after Oracle zero-day hack
Barts Health NHS Trust has announced that Clop ransomware actors have stolen files from a database by exploiting a vulnerability in its Oracle E-business Suite software. […] Bill Toulas Go to bleepingcomputer
-
FBI warns of virtual kidnapping scams using altered social media photos
The FBI warns of criminals altering images shared on social media and using them as fake proof of life photos in virtual kidnapping ransom scams. […] Sergiu Gatlan Go to bleepingcomputer
-
A Practical Guide to Continuous Attack Surface Visibility
Passive scan data goes stale fast as cloud assets shift daily, leaving teams blind to real exposures. Sprocket Security shows how continuous, automated recon gives accurate, up-to-date attack surface visibility. […] Sponsored by Sprocket Security Go to bleepingcomputer
-
EU fines X $140 million over deceptive blue checkmarks
The European Commission has fined X €120 million ($140 million) for violating transparency obligations under the Digital Services Act (DSA). […] Sergiu Gatlan Go to bleepingcomputer
-
Cloudflare blames today’s outage on React2Shell mitigations
Cloudflare has blamed today’s outage on the emergency patching of a critical React remote code execution vulnerability, which is now actively exploited in attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
Hackers are exploiting ArrayOS AG VPN flaw to plant webshells
Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. […] Bill Toulas Go to bleepingcomputer
-
NCSC’s ‘Proactive Notifications’ warns orgs of flaws in exposed devices
The UK’s National Cyber Security Center (NCSC) announced the testing phase of a new service called Proactive Notifications, designed to inform organizations in the country of vulnerabilities present in their environment. […] Bill Toulas Go to bleepingcomputer
-
Predator spyware uses new infection vector for zero-click attacks
The Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed “Aladdin” that compromised specific targets when simply viewing a malicious advertisement. […] Bill Toulas Go to bleepingcomputer
-
Russia blocks FaceTime and Snapchat for alleged use by terrorists
Russian telecommunications watchdog Roskomnadzor has blocked access to Apple’s FaceTime video conferencing platform and the Snapchat instant messaging service, claiming they’re being used to coordinate terrorist attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
Marquis data breach impacts over 74 US banks, credit unions
Financial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions across the US. […] Lawrence Abrams Go to bleepingcomputer
-
Critical flaw in WordPress add-on for Elementor exploited in attacks
Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process. […] Bill Toulas Go to bleepingcomputer
-
French DIY retail giant Leroy Merlin discloses a data breach
Leroy Merlin is sending security breach notifications to customers in France, informing them that their personal data was compromised. […] Bill Toulas Go to bleepingcomputer
-
Freedom Mobile discloses data breach exposing customer data
Freedom Mobile, the fourth-largest wireless carrier in Canada, has disclosed a data breach after attackers hacked into its customer account management platform and stole the personal information of an undisclosed number of customers. […] Sergiu Gatlan Go to bleepingcomputer
-
Russia blocks Roblox over distribution of LGBT “propaganda”
Roskomnadzor, Russia’s telecommunications watchdog, has blocked access to the Roblox online gaming platform for failing to stop the distribution of what it described as LGBT propaganda and extremist materials. […] Sergiu Gatlan Go to bleepingcomputer
-
Korea arrests suspects selling intimate videos from hacked IP cameras
The Korean National Police have arrested four individuals suspected of hacking over 120,000 IP cameras across the country and then selling stolen footage to a foreign adult site. […] Bill Toulas Go to bleepingcomputer
-
FTC settlement requires Illuminate to delete unnecessary student data
The Federal Trade Commission (FTC) is proposing that education technology provider Illuminate Education delete unnecessary student data and improve its security to settle allegations related to an incident in 2021 that exposed info of 10 million students. […] Bill Toulas Go to bleepingcomputer
-
Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets
The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub repositories. […] Bill Toulas Go to bleepingcomputer
-
Microsoft Defender portal outage disrupts threat hunting alerts
Microsoft is working to mitigate an ongoing incident that has been blocking access to some Defender XDR portal capabilities, including threat hunting alerts. […] Sergiu Gatlan Go to bleepingcomputer
-
Glassworm malware returns in third wave of malicious VS Code packages
The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. […] Bill Toulas Go to bleepingcomputer
-
SmartTube YouTube app for Android TV breached to push malicious update
The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer’s signing keys, leading to a malicious update being pushed to users. […] Bill Toulas Go to bleepingcomputer
-
Retail giant Coupang data breach impacts 33.7 million customers
South Korea’s largest retailer, Coupang, has suffered a data breach that exposed the personal information of 33.7 million customers. […] Bill Toulas Go to bleepingcomputer
-
When Hackers Wear Suits: Protecting Your Team from Insider Cyber Threats
Hackers impersonate IT pros with deepfakes, fake resumes, and stolen identities, turning hiring pipelines into insider threats. Huntress Labs explains how stronger vetting and access controls help stop these threats. […] Sponsored by Huntress Labs Go to bleepingcomputer
-
Police takes down Cryptomixer cryptocurrency mixing service
Law enforcement officers from Switzerland and Germany have taken down the Cryptomixer cryptocurrency-mixing service, believed to have helped cybercriminals launder stolen funds. […] Sergiu Gatlan Go to bleepingcomputer
-
Japanese beer giant Asahi says data breach hit 1.5 million people
Asahi Group Holdings, Japan’s largest beer producer, has finished the investigation into the September cyberattack and found that the incident has impacted up to 1.9 million individuals. […] Bill Toulas Go to bleepingcomputer
-
Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison
A 44-year-old man was sentenced to seven years and four months in prison for operating an “evil twin” WiFi network to steal the data of unsuspecting travelers at various airports across Australia. […] Bill Toulas Go to bleepingcomputer
-
Public GitLab repositories exposed more than 17,000 secrets
After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. […] Bill Toulas Go to bleepingcomputer
-
French Football Federation discloses data breach after cyberattack
The French Football Federation (FFF) disclosed a data breach on Friday after attackers used a compromised account to gain access to administrative management software used by football clubs. […] Sergiu Gatlan Go to bleepingcomputer
-
Malicious LLMs empower inexperienced hackers with advanced tools
Unrestricted large language models (LLMs) like WormGPT 4 and KawaiiGPT are improving their capabilities to generate malicious code, delivering functional scripts for ransomware encryptors and lateral movement. […] Bill Toulas Go to bleepingcomputer
-
OpenAI discloses API customer data breach via Mixpanel vendor hack
OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. […] Ionut Ilascu Go to bleepingcomputer
-
New ShadowV2 botnet malware used AWS outage as a test opportunity
A new Mirai-based botnet malware named ‘ShadowV2’ has been observed targeting IoT devices from D-Link, TP-Link, and other vendors with exploits for known vulnerabilities. […] Bill Toulas Go to bleepingcomputer
-
NordVPN Black Friday Deal: Unlock 77% off VPN plans in 2025
The NordVPN Black Friday Deal is now live, and you can get the best discount available: 77% off that applies automatically when you follow our link. If you’ve been waiting for the right moment to upgrade your online security, privacy, and streaming freedom, this is…
-
Popular Forge library gets fix for signature verification bypass flaw
A vulnerability in the ‘node-forge’ package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. […] Bill Toulas Go to bleepingcomputer
-
Comcast to pay $1.5M fine for vendor breach affecting 270K customers
Comcast will pay a $1.5 million fine to settle a Federal Communications Commission investigation into a February 2024 vendor data breach that exposed the personal information of nearly 275,000 customers. […] Sergiu Gatlan Go to bleepingcomputer
-
Multiple London councils’ IT systems disrupted by cyberattack
The Royal Borough of Kensington and Chelsea (RBKC) and the Westminster City Council (WCC) announced that they are experiencing service disruptions following a cybersecurity issue. […] Bill Toulas Go to bleepingcomputer
-
OnSolve CodeRED cyberattack disrupts emergency alert systems nationwide
Risk management company Crisis24 has confirmed its OnSolve CodeRED platform suffered a cyberattack that disrupted emergency notification systems used by state and local governments, police departments, and fire agencies across the United States. […] Lawrence Abrams Go to bleepingcomputer
-
The Black Friday 2025 Cybersecurity, IT, VPN, & Antivirus Deals
Black Friday 2025 is almost here, and early deals are already live across security software, online courses, system administration tools, antivirus products, and VPN services. These discounts are limited-time offers and vary by provider, so if you see something that fits your needs, it’s best…
-
FBI: Cybercriminals stole $262M by impersonating bank support teams
The FBI warns of a surge in account takeover (ATO) fraud schemes and says that cybercriminals impersonating various financial institutions have stolen over $262 million in ATO attacks since the start of the year. […] Sergiu Gatlan Go to bleepingcomputer
-
Tor switches to new Counter Galois Onion relay encryption algorithm
Tor has announced improved encryption and security for the circuit traffic by replacing the old tor1 relay encryption algorithm with a new design called Counter Galois Onion (CGO). […] Bill Toulas Go to bleepingcomputer
-
Malicious Blender model files deliver StealC infostealing malware
A Russian-linked campaign delivers the StealC V2 information stealer malware through malicious Blender files uploaded to 3D model marketplaces like CGTrader. […] Bill Toulas Go to bleepingcomputer
-
ClickFix attack uses fake Windows Update screen to push malware
New ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside images. […] Bill Toulas Go to bleepingcomputer
-
Real-estate finance services giant SitusAMC breach exposes client data
SitusAMC, a company that provides back-end services for top banks and lenders, disclosed on Saturday a data breach it had discovered earlier this month that impacted customer data. […] Bill Toulas Go to bleepingcomputer
-
SCCM and WSUS in a Hybrid World: Why It’s Time for Cloud-native Patching
Hybrid work exposes the limits of SCCM and WSUS, with remote devices often missing updates and WSUS now deprecated. Action1’s cloud-native patching keeps devices updated from any location, strengthening compliance and security. […] Sponsored by Action1 Go to bleepingcomputer
-
Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. […] Bill Toulas Go to bleepingcomputer
-
Google enables Pixel-to-iPhone file sharing via Quick Share, AirDrop
Google has added interoperability support between Android Quick Share and Apple AirDrop, to let users share files between Pixel devices and iPhones. […] Bill Toulas Go to bleepingcomputer
-
Enterprise password security and secrets management with Passwork 7
Passwork 7 unifies enterprise password and secrets management in a self-hosted platform. Organizations can automate credential workflows and test the full system with a free trial and up to 50% Black Friday savings. […] Sponsored by Passwork Go to bleepingcomputer
-
Iberia discloses customer data leak after vendor security breach
Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers. The disclosure comes days after a threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the…
-
New Costco Gold Star Members also get a $40 Digital Costco Shop Card
The holidays can be hard on any budget, but there may be a way to make it a little easier. Instead of dashing through the snow all around town, get all your shopping done under one roof at Costco. Right now, you…
-
WhatsApp API flaw let researchers scrape 3.5 billion accounts
Researchers compiled a list of 3.5 billion WhatsApp mobile phone numbers and associated personal information by abusing a contact-discovery API that lacked rate limiting. […] Lawrence Abrams Go to bleepingcomputer
-
Cox Enterprises discloses Oracle E-Business Suite data breach
Cox Enterprises is notifying impacted individuals of a data breach that exposed their personal data to hackers who breached the company network after exploiting a zero-day flaw in Oracle E-Business Suite. […] Bill Toulas Go to bleepingcomputer
-
Piecing Together the Puzzle: A Qilin Ransomware Investigation
Huntress analysts reconstructed a Qilin ransomware attack from a single endpoint, using limited logs to reveal rogue ScreenConnect access, failed infostealer attempts, and the ransomware execution path. The investigation shows how validating multiple data sources can uncover activity even when visibility is reduced to a “pinhole.” […]…
-
CISA warns Oracle Identity Manager RCE flaw is being actively exploited
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning government agencies to patch an Oracle Identity Manager flaw tracked as CVE-2025-61757 that has been exploited in attacks, potentially as a zero-day. […] Lawrence Abrams Go to bleepingcomputer
-
Grafana warns of max severity admin spoofing vulnerability
Grafana Labs is warning of a maximum severity vulnerability (CVE-2025-41115) in its Enterprise product that can be exploited to treat new users as administrators or for privilege escalation. […] Bill Toulas Go to bleepingcomputer
-
CrowdStrike catches insider feeding information to hackers
American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with hackers after they were leaked on Telegram by the Scattered Lapsus$ Hunters threat actors. […] Sergiu Gatlan Go to bleepingcomputer
-
Google exposes BadAudio malware used in APT24 espionage campaigns
China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage campaign that recently switched to more sophisticated attack methods. […] Bill Toulas Go to bleepingcomputer
-
Hacker claims to steal 2.3TB data from Italian rail group, Almaviva
Data from Italy’s national railway operator, the FS Italiane Group, has been exposed after a threat actor breached the organization’s IT services provider, Almaviva. […] Bill Toulas Go to bleepingcomputer