Tag: bleepingcomputer

Infostealer campaign compromises 10 npm packages, targets devs Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers’ systems. […] Bill Toulas Go to bleepingcomputer

Chinese FamousSparrow hackers deploy upgraded malware in attacks A China-linked cyberespionage group known as ‘FamousSparrow’ was observed using a new modular version of its signature backdoor ‘SparrowDoor’ against a US-based trade organization. […] Bill Toulas Go to bleepingcomputer

Oracle customers confirm data stolen in alleged cloud breach is valid Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. […] Lawrence Abrams Go to…

StreamElements discloses third-party data breach after hacker leaks data Cloud-based streaming company StreamElements confirms it suffered a data breach at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum. […] Bill Toulas Go to bleepingcomputer

New Atlantis AIO platform automates credential stuffing on 140 services A new cybercrime platform named ‘Atlantis AIO’ provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs. […] Bill Toulas Go to bleepingcomputer

CrushFTP warns users to patch unauthenticated access flaw immediately CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately. […] Sergiu Gatlan Go to bleepingcomputer

Broadcom warns of authentication bypass in VMware Windows Tools Broadcom released security updates today to fix a high-severity authentication bypass vulnerability in VMware Tools for Windows. […] Sergiu Gatlan Go to bleepingcomputer

23andMe files for bankruptcy, customers advised to delete DNA data ​California-based genetic testing provider 23andMe has filed for Chapter 11 bankruptcy and plans to sell its assets following years of financial struggles. […] Sergiu Gatlan Go to bleepingcomputer

New VanHelsing ransomware targets Windows, ARM, ESXi systems A new multi-platform ransomware-as-a-service (RaaS) operation named VanHelsing has emerged, targeting Windows, Linux, BSD, ARM, and ESXi systems. […] Bill Toulas Go to bleepingcomputer

Cyberattack takes down Ukrainian state railway’s online services Ukrzaliznytsia, Ukraine’s national railway operator, has been hit by a massive cyberattack that disrupted online services for buying tickets both through mobile apps and the website. […] Bill Toulas Go to bleepingcomputer

DrayTek routers worldwide go into reboot loops over weekend Many Internet service providers (ISPs) worldwide are alerting customers of an outage that started Saturday night and triggered DrayTek router connectivity problems. […] Sergiu Gatlan Go to bleepingcomputer

Chinese Weaver Ant hackers spied on telco network for 4 years A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers.  […] Bill Toulas Go to bleepingcomputer

FBI warnings are true—fake file converters do push malware The FBI is warning that fake online document converters are being used to steal people’s information and, in worst-case scenarios, lead to ransomware attacks. […] Lawrence Abrams Go to bleepingcomputer

Cloudflare now blocks all unencrypted traffic to its API endpoints Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. […] Bill Toulas Go to bleepingcomputer

Microsoft Trusted Signing service abused to code-sign malware Cybercriminals are abusing Microsoft’s Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. […] Lawrence Abrams Go to bleepingcomputer

Microsoft Trust Signing service abused to code-sign malware Cybercriminals are abusing Microsoft’s Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. […] Lawrence Abrams Go to bleepingcomputer

Coinbase was primary target of recent GitHub Actions breaches Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. […] Lawrence Abrams Go to bleepingcomputer

Oracle denies breach after hacker claims theft of 6 million data records Oracle denies it was breached after a threat actor claimed to be selling 6 million data records allegedly stolen from the company’s Oracle Cloud federated SSO login servers […] Sergiu Gatlan Go to bleepingcomputer

Veeam RCE bug lets domain users hack backup servers, patch now Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. […] Lawrence Abrams Go to bleepingcomputer

CISA tags NAKIVO backup flaw as actively exploited in attacks CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO’s Backup & Replication software. […] Sergiu Gatlan Go to bleepingcomputer

VSCode extensions found downloading early-stage ransomware Two malicious VSCode Marketplace extensions were found deploying in-development ransomware from a remote server, exposing critical gaps in Microsoft’s review process. […] Bill Toulas Go to bleepingcomputer

Critical Cisco Smart Licensing Utility flaws now exploited in attacks Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. […] Sergiu Gatlan Go to bleepingcomputer

RansomHub ransomware uses new Betruger ‘multi-function’ backdoor Security researchers have linked a new backdoor dubbed Betruger, deployed in several recent ransomware attacks, to an affiliate of the RansomHub operation. […] Sergiu Gatlan Go to bleepingcomputer

Malware campaign ‘DollyWay’ breached 20,000 WordPress sites A malware operation dubbed ‘DollyWay’ has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. […] Bill Toulas Go to bleepingcomputer

Pennsylvania education union data breach hit 500,000 people The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach. […] Sergiu Gatlan Go to bleepingcomputer

Ukrainian military targeted in new Signal spear-phishing attacks Ukraine’s Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country’s army forces. […] Bill Toulas Go to bleepingcomputer

Sperm donation giant California Cryobank warns of a data breach US sperm donor giant California Cryobank is warning customers it suffered a data breach that exposed customers’ personal information. […] Lawrence Abrams Go to bleepingcomputer

GitHub Action hack likely led to another in cascading supply chain attack A cascading supply chain attack that began with the compromise of the “reviewdog/action-setup@v1” GitHub Action is believed to have led to the recent breach of “tj-actions/changed-files” that leaked CI/CD secrets. […] Bill Toulas Go to bleepingcomputer

Western Alliance Bank notifies 21,899 customers of data breach Arizona-based Western Alliance Bank is notifying nearly 22,000 customers their personal information was stolen in October after a third-party vendor’s secure file transfer software was breached. […] Sergiu Gatlan Go to bleepingcomputer

Telegram CEO leaves France temporarily as criminal probe continues French authorities have allowed Pavel Durov, Telegram’s CEO and founder, to temporarily leave the country while criminal activity on the messaging platform is still under investigation. […] Sergiu Gatlan Go to bleepingcomputer

Supply chain attack on popular GitHub Action exposes CI/CD secrets A supply chain attack on the widely used ‘tj-actions/changed-files’ GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. […] Bill Toulas Go to bleepingcomputer

Fake “Security Alert” issues on GitHub use OAuth app to hijack accounts A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake “Security Alert” issues, tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code. […] Lawrence Abrams Go to bleepingcomputer

Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. […] Bill Toulas Go to bleepingcomputer

New Akira ransomware decryptor cracks encryptions keys using GPUs Security researcher Yohanes Nugroho has released a decryptor for the Linux variant of Akira ransomware, which utilizes GPU power to retrieve the decryption key and unlock files for free. […] Bill Toulas Go to bleepingcomputer

Coinbase phishing email tricks users with fake wallet migration A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. […] Lawrence Abrams Go to bleepingcomputer

Ransomware gang creates tool to automate VPN brute-force attacks The Black Basta ransomware operation created an automated brute-forcing framework dubbed ‘BRUTED’ to breach edge networking devices like firewalls and VPNs. […] Bill Toulas Go to bleepingcomputer

Cisco IOS XR vulnerability lets attackers crash BGP on routers Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. […] Sergiu Gatlan Go to bleepingcomputer

New SuperBlack ransomware exploits Fortinet auth bypass flaws A new ransomware operator named ‘Mora_001’ is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. […] Bill Toulas Go to bleepingcomputer

Juniper patches bug that let Chinese cyberspies backdoor routers ​Juniper Networks has released emergency security updates to patch a Junos OS vulnerability exploited by Chinese hackers to backdoor routers for stealthy access. […] Sergiu Gatlan Go to bleepingcomputer

Facebook discloses FreeType 2 flaw exploited in attacks Facebook is warning that a FreeType vulnerability in all versions up to 2.13 can lead to arbitrary code execution, with reports that the flaw has been exploited in attacks. […] Bill Toulas Go to bleepingcomputer

CISA: Medusa ransomware hit over 300 critical infrastructure orgs CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month. […] Sergiu Gatlan Go to bleepingcomputer

Garantex crypto exchange admin arrested while on vacation Indian authorities arrested Aleksej Besciokov, the co-founder and one of the administrators of the Russian Garantex crypto-exchange while vacationing with his family in Varkala, India. […] Sergiu Gatlan Go to bleepingcomputer

X hit by ‘massive cyberattack’ amid Dark Storm’s DDoS claims The Dark Storm hacktivist group claims to be behind DDoS attacks causing multiple X worldwide outages on Monday, leading the company to enable DDoS protections from Cloudflare. […] Lawrence Abrams Go to bleepingcomputer

US govt says Americans lost record $12.5 billion to fraud in 2024 The U.S. Federal Trade Commission (FTC) said today that Americans lost a record $12.5 billion to fraud last year, a 25% increase over the previous year. […] Sergiu Gatlan Go to bleepingcomputer

FTC will send $25.5 million to victims of tech support scams ​Later this week, the Federal Trade Commission (FTC) will start distributing over $25.5 million in refunds to those misled by tech support companies Restoro and Reimage’s scare tactics. […] Sergiu Gatlan Go to bleepingcomputer

US cities warn of wave of unpaid parking phishing texts US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city’s parking violation departments about unpaid parking invoices, that if unpaid, will incur an additional $35 fine per day. […] Lawrence Abrams Go to bleepingcomputer

Developer guilty of using kill switch to sabotage employer’s systems A software developer has been found guilty of sabotaging his ex-employer’s systems by running custom malware and installing a “kill switch” after being demoted at the company. […] Lawrence Abrams Go to bleepingcomputer

YouTubers extorted via copyright strikes to spread malware Cybercriminals are sending bogus copyright claims to YouTubers to coerce them into promoting malware and cryptocurrency miners on their videos. […] Bill Toulas Go to bleepingcomputer

Unpatched Edimax IP camera flaw actively exploited in botnet attacks A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. […] Bill Toulas Go to bleepingcomputer

Employee charged with stealing unreleased movies, sharing them online A Memphis man was arrested and charged with stealing DVDs and Blu-ray discs of unreleased movies and sharing ripped digital copies online before their release. […] Sergiu Gatlan Go to bleepingcomputer

US charges Garantex admins with money laundering, sanctions violations The administrators of the Russian Garantex crypto-exchange have been charged in the United States with facilitating money laundering for criminal organizations and violating sanctions. […] Sergiu Gatlan Go to bleepingcomputer

Data breach at Japanese telecom giant NTT hits 18,000 companies Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident. […] Bill Toulas Go to bleepingcomputer

Ransomware gang encrypted network from a webcam to bypass EDR The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim’s network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows. […] Bill Toulas Go to bleepingcomputer

Cybercrime ‘crew’ stole $635,000 in Taylor Swift concert tickets New York prosecutors say that two people working at a third-party contractor for the StubHub online ticket marketplace made $635,000 after almost 1,000 concert tickets and reselling them online. […] Sergiu Gatlan Go to bleepingcomputer

US charges Chinese hackers linked to critical infrastructure breaches The US Justice Department has charged Chinese state security officers along with APT27 and i-Soon hackers for network breaches and cyberattacks that have targeted victims globally since 2011. […] Sergiu Gatlan Go to bleepingcomputer

YouTube warns of AI-generated video of its CEO used in phishing attacks YouTube warns that scammers are using an AI-generated video featuring the company’s CEO in phishing attacks to steal creators’ credentials. […] Sergiu Gatlan Go to bleepingcomputer

Fake BianLian ransom notes mailed to US CEOs in postal mail scam Scammers are impersonating the BianLian ransomware gang in fake ransom notes sent to US companies via snail mail through the United States Postal Service. […] Lawrence Abrams Go to bleepingcomputer

Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks. […] Lawrence Abrams Go to bleepingcomputer