Tag: bleepingcomputer

WordPress ad-fraud plugins generated 1.4 billion ad requests per day A large-scale ad fraud operation called ‘Scallywag’ is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests. […] Bill Toulas Go to bleepingcomputer

State-sponsored hackers embrace ClickFix social engineering tactic ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia utilizing the tactic to breach networks. […] Bill Toulas Go to bleepingcomputer

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. […] Lawrence Abrams Go to bleepingcomputer

Interlock ransomware gang pushes fake IT tools in ClickFix attacks The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. […] Bill Toulas Go to bleepingcomputer

FBI: Scammers pose as FBI IC3 employees to ‘help’ recover lost funds The FBI warns that scammers posing as FBI IC3 employees are offering to “help” fraud victims recover money lost to other scammers. […] Sergiu Gatlan Go to bleepingcomputer

SonicWall SMA VPN devices targeted in attacks since January A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. […] Sergiu Gatlan Go to bleepingcomputer

Critical Erlang/OTP SSH pre-auth RCE is ‘Surprisingly Easy’ to exploit, patch now A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. […] Lawrence Abrams Go to bleepingcomputer

Entertainment services giant Legends International discloses data breach Entertainment venue management firm Legends International warns it suffered a data breach in November 2024, which has impacted employees and people who visited venues under its management. […] Bill Toulas Go to bleepingcomputer

Windows NTLM hash leak flaw exploited in phishing attacks on governments A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. […] Bill Toulas Go to bleepingcomputer

Chrome extensions with 6 million installs have hidden tracking code A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behavior, accessing cookies for domains, and potentially executing remote scripts. […] Bill Toulas Go to bleepingcomputer

Ahold Delhaize confirms data theft after INC ransomware claims attack Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyberattack. […] Bill Toulas Go to bleepingcomputer

CISA tags SonicWall VPN flaw as actively exploited in attacks On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. […] Sergiu Gatlan Go to bleepingcomputer

Over 16,000 Fortinet devices compromised with symlink backdoor Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. […] Lawrence Abrams Go to bleepingcomputer

MITRE warns that funding for critical CVE program expires today MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry. […] Sergiu Gatlan Go to bleepingcomputer

Midnight Blizzard deploys new GrapeLoader malware in embassy phishing Russian state-sponsored espionage group Midnight Blizzard is behind a new spear-phishing campaign targeting diplomatic entities in Europe, including embassies. […] Bill Toulas Go to bleepingcomputer

Landmark Admin data breach impact now reaches 1.6 million people Landmark Admin has issued an update to its investigation of a cyberattack it suffered in May 2024, increasing the number of impacted individuals to 1.6 million. […] Bill Toulas Go to bleepingcomputer

Infamous message board 4chan taken down following major hack 4chan, a notorious online forum, was taken offline earlier today after what appears to be a significant hack and has since been loading intermittently. […] Sergiu Gatlan Go to bleepingcomputer

Hertz confirms customer info, drivers’ licenses stolen in data breach Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks. […] Lawrence Abrams Go to bleepingcomputer

Govtech giant Conduent confirms client data stolen in January cyberattack American business services giant and government contractor Conduent disclosed today that client data was stolen in a January 2025 cyberattack. […] Lawrence Abrams Go to bleepingcomputer

Cybersecurity firm buying hacker forum accounts to spy on cybercriminals Swiss cybersecurity firm Prodaft has launched a new initiative called ‘Sell your Source’ where the company purchases verified and aged accounts on hacking forums to to spy on cybercriminals. […] Bill Toulas Go to bleepingcomputer

SSL/TLS certificate lifespans reduced to 47 days by 2029 The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029. […] Bill Toulas Go to bleepingcomputer

Tycoon2FA phishing kit targets Microsoft 365 with new tricks Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion capabilities. […] Bill Toulas Go to bleepingcomputer

AI-hallucinated code dependencies become new supply chain risk A new class of supply chain attacks named ‘slopsquatting’ has emerged from the increased use of generative AI tools for coding and the model’s tendency to “hallucinate” non-existent package names. […] Bill Toulas Go to bleepingcomputer

Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. […] Sergiu Gatlan Go to bleepingcomputer

Hackers exploit WordPress plugin auth bypass hours after disclosure Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. […] Bill Toulas Go to bleepingcomputer

Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management (IAM) credentials from the IMDSv1 endpoint. […] Bill Toulas Go to bleepingcomputer

Oracle says “obsolete servers” hacked, denies cloud breach Oracle finally confirmed in email notifications sent to customers that a hacker stole and leaked credentials that were stolen from what it described as “two obsolete servers.” […] Sergiu Gatlan Go to bleepingcomputer

Everest ransomware’s dark web leak site defaced, now offline The dark web leak site of the Everest ransomware gang has apparently been hacked over the weekend by an unknown attacker and is now offline. […] Sergiu Gatlan Go to bleepingcomputer

Google fixes Android zero-days exploited in attacks, 60 other flaws Google has released patches for 62 vulnerabilities in Android’s April 2025 security update, including two zero-days exploited in targeted attacks. […] Sergiu Gatlan Go to bleepingcomputer

Carding tool abusing WooCommerce API downloaded 34K times on PyPI A newly discovered malicious PyPi package named ‘disgrasya’ that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform. […] Bill Toulas Go to bleepingcomputer

WinRAR flaw bypasses Windows Mark of the Web security alerts A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. […] Ionut Ilascu Go to bleepingcomputer

Port of Seattle says ransomware breach impacts 90,000 people ​Port of Seattle, the U.S. government agency overseeing Seattle’s seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August 2024 ransomware attack. […] Sergiu Gatlan Go to bleepingcomputer

Australian pension funds hit by wave of credential stuffing attacks Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members’ accounts. […] Sergiu Gatlan Go to bleepingcomputer

Europcar GitLab breach exposes data of up to 200,000 customers A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users. […] Ionut Ilascu Go to bleepingcomputer

Max severity RCE flaw discovered in widely used Apache Parquet A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. […] Bill Toulas Go to bleepingcomputer

Hunters International shifts from ransomware to pure data extortion The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to date theft and extortion-only attacks. […] Sergiu Gatlan Go to bleepingcomputer

CISA warns of Fast Flux DNS evasion used by cybercrime gangs CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the “Fast Flux” cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. […] Bill Toulas Go to bleepingcomputer

Ivanti patches Connect Secure zero-day exploited since mid-March Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. […] Sergiu Gatlan Go to bleepingcomputer

Genetic data site openSNP to close and delete data over privacy concerns The openSNP project, a platform for sharing genetic and phenotypic data, will shut down on April 30, 2025, and delete all user submissions over privacy concerns and the risk of misuse by authoritarian governments. […] Bill Toulas Go to bleepingcomputer

GitHub expands security tools after 39 million secrets leaked in 2024 Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations and users to significant security risks. […] Bill Toulas Go to bleepingcomputer

Royal Mail investigates data leak claims, no impact on operations ​Royal Mail is investigating claims of a security breach after a threat actor leaked over 144GB of data allegedly stolen from the company’s systems. […] Sergiu Gatlan Go to bleepingcomputer

North Korean IT worker army expands operations in Europe ​North Korea’s IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe. […] Sergiu Gatlan Go to bleepingcomputer

We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain A RAR file, a fake summons, and a Nietzsche quote—all part of a multi-stage malware chain delivering DCRat & Rhadamanthys. Acronis TRU breaks down how attackers use VBS, batch, and PowerShell scripts to slip past defenses. […] Sponsored by Acronis Go to bleepingcomputer

Phishing platform ‘Lucid’ behind wave of iOS, Android SMS attacks A phishing-as-a-service (PhaaS) platform named ‘Lucid’ has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android). […] Bill Toulas Go to bleepingcomputer

Hackers abuse WordPress MU-Plugins to hide malicious code Hackers are utilizing the WordPress mu-plugins (“Must-Use Plugins”) directory to stealthily run malicious code on every page while evading detection. […] Bill Toulas Go to bleepingcomputer

Retail giant Sam’s Club investigates Clop ransomware breach claims ​Sam’s Club, an American warehouse supermarket chain owned by U.S. retail giant Walmart, is investigating claims of a Clop ransomware breach. […] Sergiu Gatlan Go to bleepingcomputer

OpenAI now pays researchers $100,000 for critical vulnerabilities Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for “exceptional and differentiated” critical security vulnerabilities from $20,000 to $100,000. […] Sergiu Gatlan Go to bleepingcomputer

Phishing-as-a-service operation uses DNS-over-HTTPS for evasion A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat, has been using the DNS over HTTPS (DoH) protocol to evade detection. […] Bill Toulas Go to bleepingcomputer