Tag: bleepingcomputer

ConnectWise rotating code signing certificates over security concerns ConnectWise is warning customers that it is rotating the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over security concerns. […] Bill Toulas Go to bleepingcomputer

New Secure Boot flaw lets attackers install bootkit malware, patch now Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware. […] Lawrence Abrams Go to bleepingcomputer

Stolen Ticketmaster data from Snowflake attacks briefly for sale again The Arkana Security extortion gang briefly listed over the weekend what appeared to be newly stolen Ticketmaster data but is instead the data stolen during the 2024 Snowflake data theft attacks. […] Lawrence Abrams Go to bleepingcomputer

Over 84,000 Roundcube instances vulnerable to actively exploited flaw Over 84,000 instances of the Roundcube webmail software are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) vulnerability with a publicly available exploit. […] Bill Toulas Go to bleepingcomputer

SentinelOne shares new details on China-linked breach attempt SentinelOne has shared more details on an attempted supply chain attack by Chinese hackers through an IT services and logistics firm that manages hardware logistics for the cybersecurity firm. […] Bill Toulas Go to bleepingcomputer

Supply chain attack hits Gluestack NPM packages with 960K weekly downloads A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). […] Lawrence Abrams Go to bleepingcomputer

Malicious npm packages posing as utilities delete project directories Two malicious packages have been discovered in the npm JavaScript package index, which masquerades as useful utilities but, in reality, are destructive data wipers that delete entire application directories. […] Bill Toulas Go to bleepingcomputer

Tax resolution firm Optima Tax Relief hit by ransomware, data leaked U.S. tax resolution firm Optima Tax Relief suffered a Chaos ransomware attack, with the threat actors now leaking data stolen from the company. […] Lawrence Abrams Go to bleepingcomputer

New PathWiper data wiper malware hits critical infrastructure in Ukraine A new data wiper malware named ‘PathWiper’ is being used in targeted attacks against critical infrastructure in Ukraine, aimed at disrupting operations in the country. […] Bill Toulas Go to bleepingcomputer

Critical Fortinet flaws now exploited in Qilin ransomware attacks The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. […] Sergiu Gatlan Go to bleepingcomputer

Police arrests 20 suspects for distributing child sexual abuse content Law enforcement authorities from over a dozen countries have arrested 20 suspects in an international operation targeting the production and distribution of child sexual abuse material. […] Sergiu Gatlan Go to bleepingcomputer

Old AT&T data leak repackaged to link SSNs, DOBs to 49M phone numbers A threat actor has re-released data from a 2021 AT&T breach affecting 70 million customers, this time combining previously separate files to directly link Social Security numbers and birth dates to individual users. […] Lawrence Abrams Go to bleepingcomputer

ViLE gang members sentenced for extortion, police portal breach Two members of a group of cybercriminals named ViLE were sentenced this week for hacking into a federal law enforcement web portal in an extortion scheme. […] Sergiu Gatlan Go to bleepingcomputer

US offers $10M for tips on state hackers tied to RedLine malware The U.S. Department of State has announced a reward of up to $10 million for any information on government-sponsored hackers with ties to the RedLine infostealer malware operation and its suspected creator, Russian national Maxim Alexandrovich Rudometov. […] Sergiu Gatlan Go to bleepingcomputer

FBI: Play ransomware breached 900 victims, including critical orgs In an update to a joint advisory with CISA and the Australian Cyber Security Centre, the FBI said that the Play ransomware gang had breached roughly 900 organizations as of May 2025, three times the number of victims reported in October 2023. […] Sergiu Gatlan Go…

Hewlett Packard Enterprise warns of critical StoreOnce auth bypass Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution. […] Bill Toulas Go to bleepingcomputer

Cartier discloses data breach amid fashion brand cyberattacks Luxury fashion brand Cartier is warning customers it suffered a data breach that exposed customers’ personal information after its systems were compromised. […] Lawrence Abrams Go to bleepingcomputer

The North Face warns customers of April credential stuffing attack Outdoor apparel retailer The North Face is warning customers that their personal information was stolen in credential stuffing attacks targeting the company’s website in April. […] Bill Toulas Go to bleepingcomputer

Exploit details for max severity Cisco IOS XE flaw now public Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. […] Bill Toulas Go to bleepingcomputer

Hackers are exploiting critical flaw in vBulletin forum software Two critical vulnerabilities affecting the open-source forum software vBulletin have been discovered, with one confirmed to be actively exploited in the wild. […] Bill Toulas Go to bleepingcomputer

Germany doxxes Conti ransomware and TrickBot ring leader The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) claims that Stern, the leader of the Trickbot and Conti cybercrime gangs, is a 36-year-old Russian named Vitaly Nikolaevich Kovalev. […] Sergiu Gatlan Go to bleepingcomputer

Getting Exposure Management Right: Insights from 500 CISOs Pentesting isn’t just about finding flaws — it’s about knowing which ones matter. Pentera’s 2025 State of Pentesting report uncovers which assets attackers target most, where security teams are making progress, and which exposures still fly under the radar. Focus on reducing breach impact, not just breach…

ConnectWise breached in cyberattack linked to nation-state hackers IT management software firm ConnectWise says a suspected state-sponsored cyberattack breached its environment and impacted a limited number of ScreenConnect customers. […] Lawrence Abrams Go to bleepingcomputer

Apple Safari exposes users to fullscreen browser-in-the-middle attacks A weakness in Apple’s Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users. […] Bill Toulas Go to bleepingcomputer

Data broker LexisNexis discloses data breach affecting 364,000 people Data broker giant LexisNexis Risk Solutions has revealed that unknown attackers stole the personal information of over 364,000 individuals in a December breach. […] Sergiu Gatlan Go to bleepingcomputer

APT41 malware abuses Google Calendar for stealthy C2 communication The Chinese APT41 hacking group uses a new malware named ‘ToughProgress’ that abuses Google Calendar for command-and-control (C2) operations, hiding malicious activity behind a trusted cloud service. […] Bill Toulas Go to bleepingcomputer

DragonForce ransomware abuses SimpleHelp in MSP supply chain attack The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers’ systems. […] Lawrence Abrams Go to bleepingcomputer

Iranian pleads guilty to RobbinHood ransomware attacks, faces 30 years An Iranian national has pleaded guilty to participating in the Robbinhood ransomware operation, which was used to breach the networks, steal data, and encrypt devices of U.S. cities and organizations in an attempt to extort millions of dollars over a five-year span. […] Lawrence Abrams Go to…

Not Every CVE Deserves a Fire Drill: Focus on What’s Exploitable Not every “critical” vulnerability is a critical risk. Picus Exposure Validation cuts through the noise by testing what’s actually exploitable in your environment — so you can patch what matters. […] Sponsored by Picus Security Go to bleepingcomputer

MATLAB dev confirms ransomware attack behind service outage MathWorks, a leading developer of mathematical computing and simulation software, has revealed that a recent ransomware attack is behind an ongoing service outage. […] Sergiu Gatlan Go to bleepingcomputer

Adidas warns of data breach after customer service provider hack German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers’ data. […] Sergiu Gatlan Go to bleepingcomputer

Glitch to end app hosting and user profiles on July 8 Glitch has announced it is ending app hosting and user profiles on July 8, 2025, responding to changing market dynamics and extensive abuse problems that have raised operational costs. […] Bill Toulas Go to bleepingcomputer

Dozens of malicious packages on NPM collect host and network data 60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. […] Bill Toulas Go to bleepingcomputer

FBI warns of Luna Moth extortion attacks targeting law firms The FBI warned that an extortion gang known as the Silent Ransom Group has been targeting U.S. law firms over the last two years in callback phishing and social engineering attacks. […] Sergiu Gatlan Go to bleepingcomputer

TikTok videos now push infostealer malware in ClickFix attacks Cybercriminals are using TikTok videos to trick users into infecting themselves with Vidar and StealC information-stealing malware in ClickFix attacks. […] Sergiu Gatlan Go to bleepingcomputer

Police takes down 300 servers in ransomware supply-chain crackdown In the latest phase of Operation Endgame, an international law enforcement operation, national authorities from seven countries seized 300 servers and 650 domains used to launch ransomware attacks. […] Sergiu Gatlan Go to bleepingcomputer

US indicts leader of Qakbot botnet linked to ransomware attacks The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks. […] Ionut Ilascu Go to bleepingcomputer

Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. […] Bill Toulas Go to bleepingcomputer

Critical Samlify SSO flaw lets attackers log in as admin A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses. […] Bill Toulas Go to bleepingcomputer

Russian hackers breach orgs to track aid routes to Ukraine A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. […] Ionut Ilascu Go to bleepingcomputer

Coinbase says recent data breach impacts 69,461 customers Coinbase, a cryptocurrency exchange with over 100 million customers, revealed that a recent data breach in which cybercriminals stole customer and corporate data affected 69,461 individuals […] Sergiu Gatlan Go to bleepingcomputer

PowerSchool hacker pleads guilty to student data extortion scheme A 19-year-old college student from Worcester, Massachusetts, has agreed to plead guilty to a massive cyberattack on PowerSchool that extorted millions of dollars in exchange for not leaking the personal data of millions of students and teachers. […] Lawrence Abrams Go to bleepingcomputer

Premium WordPress ‘Motors’ theme vulnerable to admin takeover attacks A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete control of websites. […] Bill Toulas Go to bleepingcomputer

VanHelsing ransomware builder leaked on hacking forum The VanHelsing ransomware-as-a-service operation published the source code for its affiliate panel, data leak blog, and Windows encryptor builder after an old developer tried to sell it on the RAMP cybercrime forum. […] Lawrence Abrams Go to bleepingcomputer

Fake KeePass password manager leads to ESXi ransomware attack Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network. […] Lawrence Abrams Go to bleepingcomputer

O2 UK patches bug leaking mobile user location from call metadata A flaw in O2 UK’s implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target. […] Bill Toulas Go to bleepingcomputer

Arla Foods confirms cyberattack disrupts production, causes delays Arla Foods has confirmed to BleepingComputer that it was targeted by a cyberattack that has disrupted its production operations. […] Bill Toulas Go to bleepingcomputer

Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. […] Sergiu Gatlan Go to bleepingcomputer

Printer maker Procolored offered malware-laced drivers for months For at least half a year, the official software supplied with Procolored printers included malware in the form of a remote access trojan and a cryptocurrency stealer. […] Bill Toulas Go to bleepingcomputer

CISA tags recently patched Chrome bug as actively exploited On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser. […] Sergiu Gatlan Go to bleepingcomputer