Category: Security
-
CISA warns Oracle Identity Manager RCE flaw is being actively exploited
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning government agencies to patch an Oracle Identity Manager flaw tracked as CVE-2025-61757 that has been exploited in attacks, potentially as a zero-day. […] Lawrence Abrams
-
Grafana warns of max severity admin spoofing vulnerability
Grafana Labs is warning of a maximum severity vulnerability (CVE-2025-41115) in its Enterprise product that can be exploited to treat new users as administrators or for privilege escalation. […] Bill Toulas
-
CrowdStrike catches insider feeding information to hackers
American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with hackers after they were leaked on Telegram by the Scattered Lapsus$ Hunters threat actors. […] Sergiu Gatlan
-
Google exposes BadAudio malware used in APT24 espionage campaigns
China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage campaign that recently switched to more sophisticated attack methods. […] Bill Toulas
-
Hacker claims to steal 2.3TB data from Italian rail group, Almaviva
Data from Italy’s national railway operator, the FS Italiane Group, has been exposed after a threat actor breached the organization’s IT services provider, Almaviva. […] Bill Toulas
-
GlobalProtect VPN portals probed with 2.3 million scan sessions
A major spike in malicious scanning against Palo Alto Networks GlobalProtect portals has been detected, starting on November 14, 2025. […] Bill Toulas
-
Salesforce investigates customer data theft via Gainsight breach
Salesforce says it revoked refresh tokens linked to Gainsight-published applications while investigating a new wave of data theft attacks targeting customers. […] Sergiu Gatlan
-
New SonicWall SonicOS flaw allows hackers to crash firewalls
American cybersecurity company SonicWall urged customers today to patch a high-severity SonicOS SSLVPN security flaw that can allow attackers to crash vulnerable firewalls. […] Sergiu Gatlan
-
Multi-threat Android malware Sturnus steals Signal, WhatsApp messages
A new Android banking trojan named Sturnus can capture communication from end-to-end encrypted messaging platforms like Signal, WhatsApp, and Telegram, as well as take complete control of the device. […] Bill Toulas
-
Sneaky2FA PhaaS kit now uses redteamers’ Browser-in-the-Browser attack
Sneaky2FA, a phishing-as-a-service (PhaaS) kit popular among cybercriminals, has added Browser-in-the-Browser (BitB) capabilities, giving “customers” the option to launch highly deceptive attacks. […] Bill Toulas
-
New ShadowRay attacks convert Ray clusters into crypto miners
A global campaign dubbed ShadowRay 2.0 hijacks exposed Ray Clusters by exploiting an old code execution flaw to turn them into a self-propagating cryptomining botnet. […] Bill Toulas
-
Windows 11 gets new Cloud Rebuild, Point-in-Time Restore tools
Microsoft announced two new Windows 11 recovery features today at the Ignite developer conference, called Cloud Rebuild and Point-in-Time Restore (PITR), that aim to reduce downtime and make it easier to recover from system failures or faulty updates. […] Lawrence Abrams
-
Fortinet warns of new FortiWeb zero-day exploited in attacks
Today, Fortinet released security updates to patch a new FortiWeb zero-day vulnerability that threat actors are actively exploiting in attacks. […] Sergiu Gatlan
-
Microsoft to integrate Sysmon directly into Windows 11, Server 2025
Microsoft announced today that it will integrate Sysmon natively into Windows 11 and Windows Server 2025 next year, making it unnecessary to deploy the standalone Sysinternals tools. […] Lawrence Abrams
-
Microsoft: Windows 10 KB5072653 OOB update fixes ESU install errors
Microsoft has released an emergency Windows 10 KB5072653 out-of-band update to resolve ongoing issues with installing the November extended security updates. […] Lawrence Abrams
-
Malicious NPM packages abuse Adspect redirects to evade security
Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate researchers from potential victims and lead them to malicious locations. […] Bill Toulas
-
RondoDox botnet malware now hacks servers using XWiki flaw
The RondoDox botnet malware is now exploiting a critical remote code execution (RCE) flaw in XWiki Platform tracked as CVE-2025-24893. […] Bill Toulas
-
Google to flag Android apps with excessive battery use on the Play Store
Google will start taking action on Android apps in the official Google Play store that have high background activity and cause excessive battery draining. […] Bill Toulas
-
Microsoft: Windows 10 KB5068781 ESU update may fail with 0x800f0922 errors
Microsoft has confirmed it is investigating a bug causing the Windows 10 KB5068781 extended security update to fail to install with 0x800f0922 errors on devices with corporate licensing. […] Lawrence Abrams
-
Decades-old ‘Finger’ protocol abused in ClickFix malware attacks
The decades-old “finger” command is making a comeback, with threat actors using the protocol to retrieve remote commands to execute on Windows devices. […] Lawrence Abrams
-
Jaguar Land Rover cyberattack cost the company over $220 million
Jaguar Land Rover (JLR) published its financial results for July 1 to September 30, warning that the cost of a recent cyberattack totaled £196 million ($220 million) in the quarter. […] Bill Toulas
-
Logitech confirms data breach after Clop extortion attack
Hardware accessory giant Logitech has confirmed it suffered a data breach in a cyberattack claimed by the Clop extortion gang, which conducted Oracle E-Business Suite data theft attacks in July. […] Lawrence Abrams
-
Five plead guilty to helping North Koreans infiltrate US firms
The U.S. Department of Justice announced that five individuals pleaded guilty to aiding North Korea’s illicit revenue generation schemes, including remote IT worker fraud and cryptocurrency theft. […] Bill Toulas
-
Anthropic claims of Claude AI-automated cyberattacks met with doubt
Anthropic reports that a Chinese state-sponsored threat group, tracked as GTG-1002, carried out a cyber-espionage operation that was largely automated through the abuse of the company’s Claude Code AI model. […] Bill Toulas
-
Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks
Fortinet has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now being widely exploited. […] Sergiu Gatlan
-
Checkout.com snubs hackers after data breach, to donate ransom instead
UK financial technology company Checkout announced that the ShinyHunters threat group has breached one of its legacy cloud storage systems and is now extorting the company for a ransom. […] Bill Toulas
-
ASUS warns of critical auth bypass flaw in DSL series routers
ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models. […] Sergiu Gatlan
-
DoorDash hit by new data breach in October exposing user information
DoorDash has disclosed a data breach that hit the food delivery platform this October. Beginning yesterday evening, DoorDash, which serves millions of customers across the U.S., Canada, Australia, and New Zealand, started emailing those impacted by the newly discovered security incident. […] Ax Sharma
-
Fortinet FortiWeb flaw with public PoC exploited to create admin users
A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed devices without requiring authentication. […] Lawrence Abrams
-
Kraken ransomware benchmarks systems for optimal encryption choice
The Kraken ransomware, which targets Windows, Linux/VMware ESXi systems, is testing machines to check how fast it can encrypt data without overloading them. […] Bill Toulas
-
CISA warns of Akira ransomware Linux encryptor targeting Nutanix VMs
US government agencies are warning that the Akira ransomware operation has been spotted encrypting Nutanix AHV virtual machines in attacks. […] Lawrence Abrams
-
Google sues to dismantle Chinese phishing platform behind US toll scams
Google has filed a lawsuit to dismantle the “Lighthouse” phishing-as-a-service platform used by cybercriminals worldwide to steal credit card information through SMS phishing attacks impersonating the U.S. Postal Service and E-ZPass toll systems. […] Lawrence Abrams
-
Windows 11 now supports 3rd-party apps for native passkey management
Microsoft announced that passwordless authentication is now easier on Windows 11 through native support for third-party passkey managers, the first ones supported being 1Password and Bitwarden. […] Bill Toulas
-
DanaBot malware is back to infecting Windows after 6-month break
The DanaBot malware has returned with a new version observed in attacks, six months after law enforcement’s Operation Endgame disrupted its activity in May. […] Bill Toulas
-
Extending Zero Trust to AI Agents: “Never Trust, Always Verify” Goes Autonomous
As AI agents gain autonomy to act, decide, and access data, traditional Zero Trust models fall short. Token Security explains how to extend “never trust, always verify” to agentic AI with scoped access, continuous monitoring, and human accountability. […] Sponsored by Token Security…
-
Rhadamanthys infostealer disrupted as cybercriminals lose server access
The Rhadamanthys infostealer operation has been disrupted, with numerous “customers” of the malware-as-a-service reporting that they no longer have access to their servers. […] Lawrence Abrams
-
Synology fixes BeeStation zero-days demoed at Pwn2Own Ireland
Synology has addressed a critical-severity remote code execution (RCE) vulnerability in BeeStation products that was demonstrated at the recent Pwn2Own hacking competition. […] Bill Toulas
-
Hackers abuse Triofox antivirus feature to deploy remote access tools
Hackers exploited a critical vulnerability and the built-in antivirus feature in Gladinet’s Triofox file-sharing and remote-access platform to achieve remote code execution with SYSTEM privileges. […] Bill Toulas
-
Microsoft releases KB5068781 — The first Windows 10 extended security update
Microsoft has released the KB5068781 update, the first Windows 10 extended security update since the operating system reached end of support last month. […] Lawrence Abrams
-
APT37 hackers abuse Google Find Hub in Android data-wiping attacks
North Korean hackers from the KONNI activity cluster are abusing Google’s Find Hub tool to track their targets’ GPS positions and trigger remote factory resets of Android devices. […] Bill Toulas
-
Mozilla Firefox gets new anti-fingerprinting defenses
Mozilla announced a major privacy upgrade in Firefox 145 that further reduces the number of users vulnerable to digital fingerprinting. […] Bill Toulas
-
Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide
A new phishing automation platform named Quantum Route Redirect is using around 1,000 domains to steal Microsoft 365 users’ credentials. […] Bill Toulas
-
CISA orders feds to patch Samsung zero-day used in spyware attacks
CISA ordered U.S. federal agencies today to patch a critical Samsung vulnerability that has been exploited in zero-day attacks to deploy LandFall spyware on devices running WhatsApp. […] Sergiu Gatlan
-
Yanluowang initial access broker pleaded guilty to ransomware attacks
A Russian national will plead guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks that targeted at least eight U.S. companies between July 2021 and November 2022. […] Sergiu Gatlan
-
NAKIVO Introduces v11.1 with Upgraded Disaster Recovery and MSP Features
NAKIVO Backup & Replication v11.1 expands disaster recovery with real-time replication, enhanced Proxmox VE support, and granular physical backups. The update adds MSP Direct Connect for secure client management and a multilingual interface supporting seven languages. […] Sponsored by Nakivo
-
Lost iPhone? Don’t fall for phishing texts saying it was found
The Swiss National Cyber Security Centre (NCSC) is warning iPhone owners about a phishing scam that claims to have found your lost or stolen iPhone but is actually trying to steal your Apple ID credentials. […] Lawrence Abrams
-
Dangerous runC flaws could allow hackers to escape Docker containers
Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system. […] Bill Toulas
-
GlassWorm malware returns on OpenVSX with 3 new VSCode extensions
The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with three new VSCode extensions that have already been downloaded over 10,000 times. […] Bill Toulas
-
Still on Windows 10? Enroll in free ESU before next week’s Patch Tuesday
With the first Patch Tuesday following Windows 10’s end of support approaching next week, users who continue to run the operating system should enroll in the Extended Security Updates (ESU) program to remain protected against newly discovered security vulnerabilities. […] Lawrence Abrams…
-
Malicious NuGet packages drop disruptive ‘time bombs’
Several malicious packages on NuGet have sabotage payloads scheduled to activate in 2027 and 2028, targeting database implementations and Siemens S7 industrial control devices. […] Bill Toulas
-
QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own
QNAP has fixed seven zero-day vulnerabilities that security researchers exploited to hack QNAP network-attached storage (NAS) devices during the Pwn2Own Ireland 2025 competition. […] Sergiu Gatlan
-
New LandFall spyware exploited Samsung zero-day via WhatsApp messages
A threat actor exploited a zero-day vulnerability in Samsung’s Android image processing library to deploy a previously unknown spyware called ‘LandFall’ using malicious images sent over WhatsApp. […] Bill Toulas
-
Cisco: Actively exploited firewall flaws now abused for DoS attacks
Cisco warned this week that two vulnerabilities, which have been exploited in zero-day attacks, are now being abused to force ASA and FTD firewalls into reboot loops. […] Sergiu Gatlan
-
U.S. Congressional Budget Office hit by suspected foreign cyberattack
The U.S. Congressional Budget Office (CBO) confirms it suffered a cybersecurity incident after a suspected foreign hacker breached its network, potentially exposing sensitive data. […] Lawrence Abrams
-
AI-Slop ransomware test sneaks on to VS Code marketplace
A malicious extension with basic ransomware capabilities, seemingly created with the help of AI, has been published on Microsoft’s official VS Code marketplace. […] Bill Toulas
-
How a ransomware gang encrypted Nevada government’s systems
The State of Nevada has completed its recovery from a ransomware attack it suffered on August 24, 2025, which impacted 60 state agencies, disrupting critical services related to health and public safety. […] Bill Toulas
-
Continuous Purple Teaming: Turning Red-Blue Rivalry into Real Defense
Red and blue teams often operate independently, but attackers don’t. Picus Security shows how continuous purple teaming and BAS turn red-blue rivalry into real defense, validating controls and closing gaps in real time. […] Sponsored by Picus Security
-
ClickFix malware attacks evolve with multi-OS support, video tutorials
ClickFix attacks have evolved to feature videos that guide victims through the self-infection process, a timer to pressure targets into taking risky actions, and automatic detection of the operating system to provide the correct commands. […] Bill Toulas
-
Sandworm hackers use data wipers to disrupt Ukraine’s grain sector
Russian state-backed hacker group Sandworm has deployed multiple data-wiping malware families in attacks targeting Ukraine’s education, government, and the grain sector, the country’s main revenue source. […] Bill Toulas
-
Gootloader malware is back with new tricks after 7-month break
The Gootloader malware loader operation has returned after a 7-month absence and is once again performing SEO poisoning to promote fake websites that distribute the malware. […] Lawrence Abrams
-
Hyundai AutoEver America data breach exposes SSNs, drivers licenses
Hyundai AutoEver America is notifying individuals that hackers breached the company’s IT environment and gained access to personal information. […] Bill Toulas
-
CISA warns of critical CentOS Web Panel bug exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning that threat actors are exploiting a critical remote command execution flaw in CentOS Web Panel (CWP). […] Bill Toulas
-
Hackers exploit WordPress plugin Post SMTP to hijack admin accounts
Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 WordPress sites, to take complete control by hijacking administrator accounts. […] Bill Toulas
-
Apache OpenOffice disputes data breach claims by ransomware gang
The Apache Software Foundation disputes claims that its OpenOffice project suffered an Akira ransomware attack, after the threat actors claimed to have stolen 23 GB of corporate documents. […] Lawrence Abrams
-
Malicious Android apps on Google Play downloaded 42 million times
Hundreds of malicious Android apps on Google Play were downloaded more than 40 million times between June 2024 and May 2025, notes a report from cloud security company Zscaler. […] Bill Toulas
-
Microsoft removing Defender Application Guard from Office
Microsoft plans to remove Defender Application Guard from Office by December 2027, starting with the February 2026 release of Office version 2602. […] Sergiu Gatlan
-
Hackers exploit critical auth bypass flaw in JobMonster WordPress theme
Threat actors are targeting a critical vulnerability in the JobMonster WordPress theme that allows hijacking of administrator accounts under certain conditions. […] Bill Toulas
-
Fake Solidity VSCode extension on Open VSX backdoors developers
A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel with the attacker. […] Bill Toulas
-
US cybersecurity experts indicted for BlackCat ransomware attacks
Three former employees of cybersecurity incident response companies DigitalMint and Sygnia have been indicted for allegedly hacking the networks of five U.S. companies in BlackCat (ALPHV) ransomware attacks between May 2023 and November 2023. […] Sergiu Gatlan
-
Microsoft: SesameOp malware abuses OpenAI Assistants API in attacks
Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel. […] Sergiu Gatlan
-
Penn hacker claims to have stolen 1.2 million donor records in data breach
A hacker has taken responsibility for last week’s University of Pennsylvania “We got hacked” email incident, saying it was a far more extensive breach that exposed data on 1.2 million donors and internal documents. […] Lawrence Abrams
-
Open VSX rotates access tokens used in supply-chain malware attack
The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted supply-chain attack. […] Bill Toulas
-
China-linked hackers exploited Lanscope flaw as a zero-day in attacks
China-linked cyber-espionage actors tracked as ‘Bronze Butler’ (Tick) exploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to deploy an updated version of their Gokcpdoor malware. […] Bill Toulas
-
‘We got hacked’ emails threaten to leak University of Pennsylvania data
The University of Pennsylvania suffered a cybersecurity incident on Friday, where students and alumni received a series of offensive emails from various University email addresses, claiming that data was stolen in a breach. […] Lawrence Abrams
-
Microsoft Edge gets scareware sensor for faster scam detection
Microsoft is introducing a new scareware sensor for the Microsoft Edge web browser, which helps detect scam pages more quickly and ensures that Defender SmartScreen blocks them faster. […] Sergiu Gatlan
-
Australia warns of BadCandy infections on unpatched Cisco devices
The Australian government is warning about ongoing cyberattacks against unpatched Cisco IOS XE devices in the country to infect routers with the BadCandy webshell. […] Bill Toulas
-
Why password controls still matter in cybersecurity
Passwords still matter — and weak policies leave the door wide open. Specops Software explains how longer passphrases, smarter banned-password lists, and adaptive rotation strategies can strengthen security without frustrating users. […] Sponsored by Specops Software
-
Ukrainian extradited from Ireland on Conti ransomware charges
A Ukrainian national believed to be a member of the Conti ransomware operation has been extradited to the United States and faces charges that could get him 25 years in prison. […] Sergiu Gatlan
-
Massive surge of NFC relay malware steals Europeans’ credit cards
Near-Field Communication (NFC) relay malware has grown massively popular in Eastern Europe, with researchers discovering over 760 malicious Android apps using the technique to steal people’s payment card information in the past few months. […] Bill Toulas
-
CISA orders feds to patch VMware Tools flaw exploited by Chinese hackers
CISA has ordered federal agencies to patch a high-severity vulnerability in Broadcom’s VMware Aria Operations and VMware Tools software, exploited by Chinese hackers since October 2024. […] Sergiu Gatlan
-
Major telecom services provider Ribbon breached by state hackers
Ribbon Communications, a provider of telecommunications services to the U.S. government and telecom companies worldwide, revealed that nation-state hackers breached its IT network as early as December 2024. […] Sergiu Gatlan
-
Malicious NPM packages fetch infostealer for Windows, Linux, macOS
Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. […] Bill Toulas
-
WordPress security plugin exposes private data to site subscribers
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information. […] Bill Toulas
-
Canada says hacktivists breached water and energy facilities
The Canadian Centre for Cyber Security warned today that hacktivists have breached critical infrastructure systems multiple times across the country, allowing them to modify industrial controls that could have led to dangerous conditions. […] Bill Toulas
-
Windows 11 KB5067036 update rolls out Administrator Protection feature
Microsoft has released the KB5067036 preview cumulative update for Windows 11 24H2 and 25H2, which begins the rollout of the Administrator Protection cybersecurity feature and an updated Start Menu. […] Lawrence Abrams
-
Advertising giant Dentsu reports data breach at subsidiary Merkle
Japanese advertising giant Dentsu has disclosed that its U.S.-based subsidiary Merkle suffered a cybersecurity incident that exposed staff and client data. […] Bill Toulas
-
CISA warns of two more actively exploited Dassault vulnerabilities
The Cybersecurity & Infrastructure Security Agency (CISA) warned today that attackers are actively exploiting two vulnerabilities in Dassault Systèmes’ DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution. […] Sergiu Gatlan
-
Qilin ransomware abuses WSL to run Linux encryptors in Windows
The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools. […] Lawrence Abrams
-
Google disputes false claims of massive Gmail data breach
Google disputes false claims of massive Gmail data breach Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accounts. […] Lawrence Abrams Go to bleepingcomputer
-
X: Re-enroll 2FA security keys by November 10 or get locked out
X: Re-enroll 2FA security keys by November 10 or get locked out X is warning that users must re-enroll their security keys or passkeys for two-factor authentication (2FA) before November 10 or they will be locked out of their accounts until they do so. […] Lawrence Abrams Go to bleepingcomputer
-
Ransomware profits drop as victims stop paying hackers
Ransomware profits drop as victims stop paying hackers The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers’ demands. […] Bill Toulas Go to bleepingcomputer
-
QNAP warns of critical ASP.NET flaw in its Windows backup software
QNAP warns of critical ASP.NET flaw in its Windows backup software QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company’s NetBak PC Agent, a Windows utility for backing up data to a QNAP network-attached storage (NAS) device. […] Sergiu Gatlan Go to bleepingcomputer
-
Hackers steal Discord accounts with RedTiger-based infostealer
Hackers steal Discord accounts with RedTiger-based infostealer Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. […] Bill Toulas Go to bleepingcomputer
-
New CoPhish attack steals OAuth tokens via Copilot Studio agents
New CoPhish attack steals OAuth tokens via Copilot Studio agents A new phishing technique dubbed ‘CoPhish’ weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains. […] Bill Toulas Go to bleepingcomputer
-
Hackers launch mass attacks exploiting outdated WordPress plugins
Hackers launch mass attacks exploiting outdated WordPress plugins A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE). […] Bill Toulas Go to bleepingcomputer
-
Critical WSUS flaw in Windows Server now exploited in attacks
Critical WSUS flaw in Windows Server now exploited in attacks Attackers are now exploiting a critical-severity Windows Server Update Service (WSUS) vulnerability, which already has publicly available proof-of-concept exploit code. […] Sergiu Gatlan Go to bleepingcomputer
-
Fake LastPass death claims used to breach password vaults
Fake LastPass death claims used to breach password vaults LastPass is warning customers of a phishing campaign sending emails with an access request to the password vault as part of a legacy inheritance process. […] Bill Toulas Go to bleepingcomputer
-
How to reduce costs with self-service password resets
How to reduce costs with self-service password resets Password resets account for nearly 40% of IT help desk calls, costing orgs time and money. Specops Software’s uReset lets users securely reset passwords with flexible MFA options like Duo, Okta, and Yubikey while enforcing identity verification to stop misuse. […] Sponsored by Specops Software Go to…
-
Windows Server emergency patches fix WSUS bug with PoC exploit
Windows Server emergency patches fix WSUS bug with PoC exploit Microsoft has released out-of-band (OOB) security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with publicly available proof-of-concept exploit code. […] Sergiu Gatlan Go to bleepingcomputer
-
Hackers earn $1,024,750 for 73 zero-days at Pwn2Own Ireland
Hackers earn $1,024,750 for 73 zero-days at Pwn2Own Ireland The Pwn2Own Ireland 2025 hacking competition has ended with security researchers collecting $1,024,750 in cash awards after exploiting 73 zero-day vulnerabilities. […] Sergiu Gatlan Go to bleepingcomputer