no alarms and no surprises please..

OnSolve CodeRED cyberattack disrupts emergency alert systems nationwide Risk management company Crisis24 has confirmed its OnSolve CodeRED platform suffered a cyberattack that disrupted emergency notification systems used by state and local governments, police departments, and fire agencies across the United States. […] Lawrence Abrams Go to bleepingcomputer

The Black Friday 2025 Cybersecurity, IT, VPN, & Antivirus Deals Black Friday 2025 is almost here, and early deals are already live across security software, online courses, system administration tools, antivirus products, and VPN services. These discounts are limited-time offers and vary by provider, so if you see something that fits your needs, it’s best…

FBI: Cybercriminals stole $262M by impersonating bank support teams The FBI warns of a surge in account takeover (ATO) fraud schemes and says that cybercriminals impersonating various financial institutions have stolen over $262 million in ATO attacks since the start of the year. […] Sergiu Gatlan Go to bleepingcomputer

Tor switches to new Counter Galois Onion relay encryption algorithm Tor has announced improved encryption and security for the circuit traffic by replacing the old tor1 relay encryption algorithm with a new design called Counter Galois Onion (CGO). […] Bill Toulas Go to bleepingcomputer

Malicious Blender model files deliver StealC infostealing malware A Russian-linked campaign delivers the StealC V2 information stealer malware through malicious Blender files uploaded to 3D model marketplaces like CGTrader. […] Bill Toulas Go to bleepingcomputer

ClickFix attack uses fake Windows Update screen to push malware New ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside images. […] Bill Toulas Go to bleepingcomputer

Real-estate finance services giant SitusAMC breach exposes client data SitusAMC, a company that provides back-end services for top banks and lenders, disclosed on Saturday a data breach it had discovered earlier this month that impacted customer data. […] Bill Toulas Go to bleepingcomputer

SCCM and WSUS in a Hybrid World: Why It’s Time for Cloud-native Patching Hybrid work exposes the limits of SCCM and WSUS, with remote devices often missing updates and WSUS now deprecated. Action1’s cloud-native patching keeps devices updated from any location, strengthening compliance and security. […] Sponsored by Action1 Go to bleepingcomputer

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. […] Bill Toulas Go to bleepingcomputer

Enterprise password security and secrets management with Passwork 7 Passwork 7 unifies enterprise password and secrets management in a self-hosted platform. Organizations can automate credential workflows and test the full system with a free trial and up to 50% Black Friday savings. […] Sponsored by Passwork Go to bleepingcomputer

Iberia discloses customer data leak after vendor security breach Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers. The disclosure comes days after a threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the…

New Costco Gold Star Members also get a $40 Digital Costco Shop Card The holidays can be hard on any budget, but there may be a way to make it a little easier. Instead of dashing through the snow all around town, get all your shopping done under one roof at Costco. Right now, you…

WhatsApp API flaw let researchers scrape 3.5 billion accounts Researchers compiled a list of 3.5 billion WhatsApp mobile phone numbers and associated personal information by abusing a contact-discovery API that lacked rate limiting. […] Lawrence Abrams Go to bleepingcomputer

Cox Enterprises discloses Oracle E-Business Suite data breach Cox Enterprises is notifying impacted individuals of a data breach that exposed their personal data to hackers who breached the company network after exploiting a zero-day flaw in Oracle E-Business Suite. […] Bill Toulas Go to bleepingcomputer

Piecing Together the Puzzle: A Qilin Ransomware Investigation Huntress analysts reconstructed a Qilin ransomware attack from a single endpoint, using limited logs to reveal rogue ScreenConnect access, failed infostealer attempts, and the ransomware execution path. The investigation shows how validating multiple data sources can uncover activity even when visibility is reduced to a “pinhole.” […]…

CISA warns Oracle Identity Manager RCE flaw is being actively exploited The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning government agencies to patch an Oracle Identity Manager tracked as CVE-2025-61757 that has been exploited in attacks, potentially as a zero-day. […] Lawrence Abrams Go to bleepingcomputer

Grafana warns of max severity admin spoofing vulnerability Grafana Labs is warning of a maximum severity vulnerability (CVE-2025-41115) in its Enterprise product that can be exploited to treat new users as administrators or for privilege escalation. […] Bill Toulas Go to bleepingcomputer

CrowdStrike catches insider feeding information to hackers American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with hackers after they were leaked on Telegram by the Scattered Lapsus$ Hunters threat actors. […] Sergiu Gatlan Go to bleepingcomputer