Tag: bleepingcomputer

Critical flaw in Protobuf library enables JavaScript code execution Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google’s Protocol Buffers. […] Bill Toulas Go to bleepingcomputer

NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support NAKIVO Inc. announced the general availability of NAKIVO Backup & Replication v11.2, focused on fast, reliable, and proactive data protection. […] Sponsored by NAKIVO Go to bleepingcomputer

Payouts King ransomware uses QEMU VMs to bypass endpoint security The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. […] Bill Toulas Go to bleepingcomputer

Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops In cybercrime markets, trust isn’t assumed, it’s verified. Flare reveals how underground guides teach actors to evaluate carding shops based on data quality, reputation, and survivability. […] Sponsored by Flare Go to bleepingcomputer

Webinar: From phishing to fallout — Why MSPs must rethink both security and recovery Cyberattacks are evolving faster than many MSP and corporate defenses can keep up, with phishing driving much of today’s cybercrime. Join our upcoming webinar to learn how to combine security and recovery strategies to reduce risk and maintain business continuity. […]…

CISA flags Apache ActiveMQ flaw as actively exploited in attacks CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this month after going undetected for 13 years. […] Sergiu Gatlan Go to bleepingcomputer

Man gets 30 months for selling thousands of hacked DraftKings accounts 23-year-old Kamerin Stokes of Memphis, Tennessee, was sentenced to 30 months in prison for selling access to tens of thousands of hacked DraftKings accounts. […] Sergiu Gatlan Go to bleepingcomputer

US nationals behind DPRK IT worker ‘laptop farm’ sent to prison Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country, including many Fortune 500 firms. […] Sergiu Gatlan Go to bleepingcomputer

Critical Nginx UI auth bypass flaw now actively exploited in the wild A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. […] Bill Toulas Go to bleepingcomputer

New AgingFly malware used in attacks on Ukraine govt, hospitals A new malware family named ‘AgingFly’ has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger. […] Bill Toulas Go to bleepingcomputer

WordPress plugin suite hacked to push malware to thousands of sites More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them. […] Bill Toulas Go to bleepingcomputer

Over 100 Chrome Web Store extensions steal user accounts, data More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud. […] Bill Toulas Go to bleepingcomputer

McGraw-Hill confirms data breach following extortion threat Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. […] Bill Toulas Go to bleepingcomputer

European Gym giant Basic-Fit data breach affects 1 million members Dutch fitness giant Basic-Fit announced that hackers breached its systems and gained access to information belonging to a million of its customers. […] Bill Toulas Go to bleepingcomputer

Stolen Rockstar Games analytics data leaked by extortion gang Rockstar Games has suffered a data breach linked to a recent security incident at Anodot, with the ShinyHunters extortion gang now leaking the stolen data on its data leak site. […] Lawrence Abrams Go to bleepingcomputer

Critical flaw in wolfSSL library enables forged certificate use A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. […] Bill Toulas Go to bleepingcomputer

FBI takedown of W3LL phishing service leads to developer arrest The FBI Atlanta Field Office and Indonesian authorities have dismantled the “W3LL” global phishing platform, seizing infrastructure and arresting the alleged developer in what is described as the first coordinated enforcement action between the United States and Indonesia targeting a phishing kit developer. […] Lawrence Abrams…

OpenAI rotates macOS certs after Axios attack hit code-signing workflow OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. […] Lawrence Abrams Go to bleepingcomputer

Critical Marimo pre-auth RCE flaw now under active exploitation A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged for credential theft. […] Bill Toulas Go to bleepingcomputer

Nearly 4,000 US industrial devices exposed to Iranian cyberattacks The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. […] Sergiu Gatlan Go to bleepingcomputer

Analysis of one billion CISA KEV remediation records exposes limits of human-scale security Analysis of 1 billion CISA KEV remediation records reveal a breaking point for human-scale security. Qualys shows most critical flaws are exploited before defenders can patch them. […] Sponsored by Qualys Go to bleepingcomputer

CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. […] Bill Toulas Go to bleepingcomputer

New ‘LucidRook’ malware used in targeted attacks on NGOs, universities A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. […] Bill Toulas Go to bleepingcomputer

New VENOM phishing attacks steal senior executives’ Microsoft logins Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called “VENOM” are targeting credentials of C-suite executives across multiple industries. […] Bill Toulas Go to bleepingcomputer

Google Chrome adds infostealer protection against session cookie theft Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies. […] Ionut Ilascu Go to bleepingcomputer

Smart Slider updates hijacked to push malicious WordPress, Joomla versions Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. […] Bill Toulas Go to bleepingcomputer

Hackers exploiting Acrobat Reader zero-day flaw since December Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. […] Sergiu Gatlan Go to bleepingcomputer

Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot Bitcoin Depot, which operates one of the largest Bitcoin ATM networks, says attackers stole $3.665 million worth of Bitcoin from its crypto wallets after breaching its systems last month. […] Sergiu Gatlan Go to bleepingcomputer

Hackers use pixel-large SVG trick to hide credit card stealer A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. […] Bill Toulas Go to bleepingcomputer

Google: New UNC6783 hackers steal corporate Zendesk support tickets A threat actor tracked as UNC6783 is compromising business process outsourcing (BPO) providers to gain access to high-value companies across multiple sectors. […] Bill Toulas Go to bleepingcomputer

Hackers exploit critical flaw in Ninja Forms WordPress plugin A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. […] Bill Toulas Go to bleepingcomputer

FBI: Americans lost a record $21 billion to cybercrime last year U.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says. […] Bill Toulas Go to bleepingcomputer

Snowflake customers hit in data theft attacks after SaaS integrator breach Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. […] Lawrence Abrams Go to bleepingcomputer

US warns of Iranian hackers targeting critical infrastructure Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. […] Sergiu Gatlan Go to bleepingcomputer

Traffic violation scams switch to QR codes in new phishing texts Scammers are sending fake “Notice of Default” traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. […] Lawrence Abrams Go…

New FortiClient EMS flaw exploited in attacks, emergency patch released Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. […] Lawrence Abrams Go to bleepingcomputer

Hackers exploit React2Shell in automated credential theft campaign Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. […] Bill Toulas Go to bleepingcomputer

Axios npm hack used fake Teams error fix to hijack maintainer account The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean threat actors. […] Lawrence Abrams Go to bleepingcomputer

Device code phishing attacks surge 37x as new kits spread online Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. […] Bill Toulas Go to bleepingcomputer

LinkedIn secretly scans for 6,000+ Chrome extensions, collects data A new report dubbed “BrowserGate” warns that Microsoft’s LinkedIn is using hidden JavaScript scripts on its website to scan visitors’ browsers for installed extensions and collect device data. […] Lawrence Abrams Go to bleepingcomputer

LinkedIn secretely scans for 6,000+ Chrome extensions, collects data A new report dubbed “BrowserGate” warns that Microsoft’s LinkedIn is using hidden JavaScript scripts on its website to scan visitors’ browsers for installed extensions and collect device data. […] Lawrence Abrams Go to bleepingcomputer

Hims & Hers warns of data breach after Zendesk support ticket breach Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. […] Bill Toulas Go to bleepingcomputer

Die Linke German political party confirms data stolen by Qilin ransomware The Qilin ransomware group has claimed responsibility for an attack against Die Linke (‘The Left’), forcing an IT systems outage at the political party, and threatening sensitive data leak. […] Bill Toulas Go to bleepingcomputer

Evolution of Ransomware: Multi-Extortion Ransomware Attacks Multi-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.AMO platform keeps exfiltrated files encrypted and useless to attackers. […] Sponsored by Penta Security Go to bleepingcomputer

Man admits to locking thousands of Windows devices in extortion plot A former core infrastructure engineer has pleaded guilty to locking Windows admins out of 254 servers as part of a failed extortion plot targeting his employer, an industrial company headquartered in Somerset County, New Jersey. […] Sergiu Gatlan Go to bleepingcomputer

CERT-EU: European Commission hack exposes data of 30 EU entities The European Union’s Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other Union entities. […] Sergiu Gatlan Go to bleepingcomputer

Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability. […] Sergiu Gatlan Go to bleepingcomputer

New CrystalRAT malware adds RAT, stealer and prankware features A new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilities. […] Bill Toulas Go to bleepingcomputer

Dutch Finance Ministry takes treasury banking portal offline after breach The Dutch Ministry of Finance took some of its systems offline, including the digital portal for treasury banking, while investigating a cyberattack detected two weeks ago. […] Sergiu Gatlan Go to bleepingcomputer

CISA orders feds to patch actively exploited Citrix flaw by Thursday The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their Citrix NetScaler appliances against an actively exploited vulnerability by Thursday. […] Sergiu Gatlan Go to bleepingcomputer

New RoadK1ll WebSocket implant used to pivot on breached networks A newly identified malicious implant named RoadK1ll is enabling threat actors to quietly move from a compromised host to other systems on the network. […] Bill Toulas Go to bleepingcomputer

Critical Fortinet Forticlient EMS flaw now exploited in attacks Attackers are now actively exploiting a critical vulnerability in Fortinet’s FortiClient EMS platform, according to threat intelligence company Defused. […] Sergiu Gatlan Go to bleepingcomputer

European Commission confirms data breach after Europa.eu hack The European Commission has confirmed a data breach after its Europa.eu web platform was hacked in a cyberattack claimed by the ShinyHunters extortion gang. […] Sergiu Gatlan Go to bleepingcomputer

FBI confirms hack of Director Patel’s personal email inbox The Handala hackers associated with Iran have breached the personal email account of FBI Director Kash Patel and published photos and documents. […] Ionut Ilascu Go to bleepingcomputer

File read flaw in Smart Slider plugin impacts 500K WordPress sites A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server. […] Bill Toulas Go to bleepingcomputer

New Infinity Stealer malware grabs macOS data via ClickFix lures A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. […] Bill Toulas Go to bleepingcomputer

Backdoored Telnyx PyPI package pushes malware hidden in WAV audio TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. […] Bill Toulas Go to bleepingcomputer

Fake VS Code alerts on GitHub spread malware to developers A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. […] Bill Toulas Go to bleepingcomputer

Agentic GRC: Teams Get the Tech. The Mindset Shift Is What’s Missing. Agentic GRC automates workflows, forcing teams to rethink their role beyond operations. Anecdotes explains why the biggest challenge is shifting from execution to risk leadership. […] Sponsored by Anecdotes Go to bleepingcomputer

European Commission investigating breach after Amazon cloud account hack The European Commission, the European Union’s main executive body, is investigating a security breach after a threat actor gained access to the Commission’s Amazon cloud environment. […] Sergiu Gatlan Go to bleepingcomputer

Anti-piracy coalition takes down AnimePlay app with 5 million users The Alliance for Creativity and Entertainment (ACE) announced the shutdown of AnimePlay, a major anime streaming platform with over 5 million users. […] Sergiu Gatlan Go to bleepingcomputer

Dutch Police discloses security breach after phishing attack The Dutch National Police (Politie) says a security breach resulting from a successful phishing attack has had a limited impact and hasn’t affected citizens’ data. […] Sergiu Gatlan Go to bleepingcomputer

Ajax football club hack exposed fan data, enabled ticket hijack Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people. […] Bill Toulas Go to bleepingcomputer