Tag: bleepingcomputer

Monroe University says 2024 data breach affects 320,000 people Monroe University revealed that threat actors stole the personal, financial, and health information of over 320,000 people after breaching its systems in a December 2024 cyberattack. […] Sergiu Gatlan Go to bleepingcomputer

Ukraine’s army targeted in new charity-themed malware campaign Officials of Ukraine’s Defense Forces were targeted in a charity-themed campaign between October and December 2025 that delivered backdoor malware called PluggyApe. […] Bill Toulas Go to bleepingcomputer

Facebook login thieves now using browser-in-browser trick Hackers over the past six months have relied increasingly more on the browser-in-the-browser (BitB) method to trick users into providing Facebook account credentials. […] Bill Toulas Go to bleepingcomputer

CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks CISA has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day attacks. […] Sergiu Gatlan Go to bleepingcomputer

University of Hawaii Cancer Center hit by ransomware attack ​University of Hawaii says a ransomware gang breached its Cancer Center in August 2025, stealing data of study participants, including documents from the 1990s containing Social Security numbers. […] Sergiu Gatlan Go to bleepingcomputer

Instagram denies breach amid claims of 17 million account data leak Instagram says it fixed a bug that allowed threat actors to mass-request password reset emails, amid claims that data from more than 17 million Instagram accounts was scraped and leaked online. […] Lawrence Abrams Go to bleepingcomputer

BreachForums hacking forum database leaked, exposing 324,000 accounts The latest incarnation of the notorious BreachForums hacking forum has suffered a data breach, with its user database table leaked online. […] Lawrence Abrams Go to bleepingcomputer

Spain arrests 34 suspects linked to Black Axe cyber crime Authorities in Spain have arrested 34 individuals allegedly part of a criminal network involved in cyber fraud and believed to be connected to the Black Axe group responsible for illicit activities across Europe. […] Bill Toulas Go to bleepingcomputer

Ireland recalls almost 13,000 passports over missing ‘IRL’ code Ireland’s Department of Foreign Affairs has recalled nearly 13,000 passports after a software update caused a printing defect. The printing error makes the documents non-compliant with international travel standards and potentially unreadable at automated border gates. […] Ax Sharma Go to bleepingcomputer

Illinois Department of Human Services data breach affects 700K people The Illinois Department of Human Services (IDHS), one of Illinois’ largest state agencies, accidentally exposed the personal and health data of nearly 700,000 residents due to incorrect privacy settings. […] Sergiu Gatlan Go to bleepingcomputer

CISA retires 10 emergency cyber orders in rare bulk closure The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has retired 10 Emergency Directives issued between 2019 and 2024, saying that the required actions have been completed or are now covered by Binding Operational Directive 22-01. […] Lawrence Abrams Go to bleepingcomputer

FBI warns about Kimsuky hackers using QR codes to phish U.S. orgs The North Korean state-sponsored hacker group Kimsuki is using malicious QR codes in spearphishing campaigns that target U.S. organizations, the Federal Bureau of Investigation warns in a flash alert. […] Bill Toulas Go to bleepingcomputer

New China-linked hackers breach telcos using edge device exploits A sophisticated threat actor that uses Linux-based malware to target telecommunications providers has recently broadened its operations to include organizations in Southeastern Europe. […] Bill Toulas Go to bleepingcomputer

Cisco warns of Identity Service Engine flaw with exploit code Cisco has patched an ISE vulnerability with public proof-of-concept exploit code that can be abused by attackers with admin privileges. […] Sergiu Gatlan Go to bleepingcomputer

CISA tags max severity HPE OneView flaw as actively exploited The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a maximum-severity HPE OneView vulnerability as actively exploited in attacks. […] Sergiu Gatlan Go to bleepingcomputer

New GoBruteforcer attack wave targets crypto, blockchain projects A new wave of GoBruteforcer botnet malware attacks is targeting databases of cryptocurrency and blockchain projects on exposed servers believed to be configured using AI-generated examples. […] Bill Toulas Go to bleepingcomputer

Critical jsPDF flaw lets hackers steal secrets via generated PDFs The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that allows an attacker to steal sensitive data from the local filesystem by including it in generated files. […] Bill Toulas Go to bleepingcomputer

Kimwolf Android botnet abuses residential proxies to infect internal devices The Kimwolf botnet, an Android variant of the Aisuru malware, has grown to more than two million hosts, most of them infected by exploiting vulnerabilities in residential proxy networks to target devices on internal networks. […] Bill Toulas Go to bleepingcomputer

ClickFix attack uses fake Windows BSOD screens to push malware A new ClickFix social engineering campaign is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into manually compiling and executing malware on their systems. […] Bill Toulas Go to bleepingcomputer

US broadband provider Brightspeed investigates breach claims Brightspeed, one of the largest fiber broadband companies in the United States, is investigating security breach and data theft claims made by the Crimson Collective extortion gang. […] Sergiu Gatlan Go to bleepingcomputer

Hackers claim to hack Resecurity, firm says it was a honeypot The ShinyHunters hacking group claims it breached the systems of cybersecurity firm Resecurity and stole internal data, while Resecurity says the attackers only accessed a deliberately deployed honeypot containing fake information used to monitor their activity. […] Lawrence Abrams Go to bleepingcomputer

Covenant Health says May data breach impacted nearly 478,000 patients The Covenant Health organization has revised to nearly 500,000 the number of individuals affected by a data breach discovered last May. […] Ionut Ilascu Go to bleepingcomputer

Cryptocurrency theft attacks traced to 2022 LastPass breach Blockchain investigation firm TRM Labs says ongoing cryptocurrency thefts have been traced to the 2022 LastPass breach, with attackers draining wallets years after encrypted vaults were stolen and laundering the crypto through Russian exchanges. […] Lawrence Abrams Go to bleepingcomputer

Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass Over 10,000 Internet-exposed Fortinet firewalls are still vulnerable to attacks exploiting a five-year-old two-factor authentication (2FA) bypass vulnerability. […] Sergiu Gatlan Go to bleepingcomputer

Trust Wallet links $8.5 million crypto theft to Shai-Hulud NPM attack Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an “industry-wide” Sha1-Hulud attack in November. […] Sergiu Gatlan Go to bleepingcomputer

The biggest cybersecurity and cyberattack stories of 2025 2025 was a big year for cybersecurity, with cyberattacks, data breaches, threat groups reaching new notoriety levels, and, of course, zero-day flaws exploited in breaches. Some stories, though, were more impactful or popular with our readers than others. This article explores 15 of the biggest cybersecurity stories…

RondoDox botnet exploits React2Shell flaw to breach Next.js servers The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. […] Bill Toulas Go to bleepingcomputer

IBM warns of critical API Connect auth bypass vulnerability IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. […] Sergiu Gatlan Go to bleepingcomputer

Disney will pay $10 million to settle children’s data privacy lawsuit Disney has agreed to pay a $10 million civil penalty to settle claims that it violated the Children’s Online Privacy Protection Act by mislabeling videos and allowing data collection for targeted advertising. […] Sergiu Gatlan Go to bleepingcomputer

New ErrTraffic service enables ClickFix attacks via fake browser glitches A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating ‘fake glitches’ on compromised websites to lure users into downloading payloads or following malicious instructions […] Bill Toulas Go to bleepingcomputer

European Space Agency confirms breach of “external servers” The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network, which contained what it described as “unclassified” information on collaborative engineering activities. […] Sergiu Gatlan Go to bleepingcomputer

Zoom Stealer browser extensions harvest corporate meeting intelligence A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like URLs, IDs, topics, descriptions, and embedded passwords. […] Bill Toulas Go to bleepingcomputer

US cybersecurity experts plead guilty to BlackCat ransomware attacks Two former employees of cybersecurity incident response companies Sygnia and DigitalMint have pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. […] Sergiu Gatlan Go to bleepingcomputer

Chinese state hackers use rootkit to hide ToneShell malware activity A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations. […] Bill Toulas Go to bleepingcomputer

Coupang to split $1.17 billion among 33.7 million data breach victims Coupang, the largest retailer in South Korea, announced $1.17 billion (1.685 trillion Won) total compensation for the 33.7 million customers whose information was exposed in the data breach discovered last month. […] Bill Toulas Go to bleepingcomputer

Hacker arrested for KMSAuto malware campaign with 2.8 million downloads A Lithuanian national has been arrested for his alleged involvement in infecting 2.8 million systems with clipboard-stealing malware disguised as the KMSAuto tool for illegally activating Windows and Office software. […] Bill Toulas Go to bleepingcomputer

Trust Wallet says 2,596 wallets drained in $7 million crypto theft attack Trust Wallet says attackers who compromised its browser extension right before Christmas have drained approximately $7 million from nearly 3,000 cryptocurrency wallet addresses. […] Sergiu Gatlan Go to bleepingcomputer

The Real-World Attacks Behind OWASP Agentic AI Top 10 OWASP’s new Agentic AI Top 10 highlights real-world attacks already targeting autonomous AI systems, from goal hijacking to malicious MCP servers. Koi Security breaks down real-world incidents behind multiple categories, including two cases cited by OWASP, showing how agent tools and runtime behavior are being abused.…

Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over 80,000 potentially vulnerable servers exposed on the public web. […] Ionut Ilascu Go to bleepingcomputer

Hacker claims to leak WIRED database with 2.3 million records A hacker claims to have breached Condé Nast and leaked an alleged WIRED database containing more than 2.3 million subscriber records, while also warning that they plan to release up to 40 million additional records for other Condé Nast properties. […] Lawrence Abrams Go to…

Fake Grubhub emails promise tenfold return on sent cryptocurrency Grubhub users received fraudulent messages, apparently from a company email address, promising a tenfold bitcoin payout in return for a transfer to a specified wallet. […] Ionut Ilascu Go to bleepingcomputer

Trust Wallet confirms extension hack led to $7 million crypto theft Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an urgent response from the company and warnings to affected users. Simultaneously, BleepingComputer observed a phishing domain launched by hackers.…

Trust Wallet Chrome extension hack tied to millions in losses Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an urgent response from the company and warnings to affected users. Simultaneously, BleepingComputer observed a phishing domain launched by hackers. […]…

Fake MAS Windows activation domain used to spread PowerShell malware A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the ‘Cosmali Loader’. […] Bill Toulas Go to bleepingcomputer

MongoDB warns admins to patch severe RCE flaw immediately MongoDB has warned IT admins to immediately patch a high-severity vulnerability that can be exploited in remote code execution (RCE) attacks targeting vulnerable servers. […] Sergiu Gatlan Go to bleepingcomputer

WebRAT malware spread via fake vulnerability exploits on GitHub The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. […] Bill Toulas Go to bleepingcomputer

Malicious extensions in Chrome Web store steal user credentials Two Chrome extensions in the Web Store named ‘Phantom Shuttle’ are posing as plugins for a proxy service to hijack user traffic and steal sensitive data. […] Bill Toulas Go to bleepingcomputer

Cyberattack knocks offline France’s postal, banking services The French national postal service’s online services were knocked offline by “a major network incident” on Monday, disrupting digital banking and other services for millions. […] Sergiu Gatlan Go to bleepingcomputer

Italy fines Apple $116 million over App Store privacy policy issues Italy’s competition authority (AGCM) has fined Apple €98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. […] Sergiu Gatlan Go to bleepingcomputer

Baker University says 2024 data breach impacts 53,000 people Baker University has disclosed a data breach after attackers gained access to its network one year ago and stole the personal, health, and financial information of over 53,000 individuals. […] Sergiu Gatlan Go to bleepingcomputer

Nissan says thousands of customers exposed in Red Hat breach Nissan Motor Co. Ltd. (Nissan) has confirmed that information of thousands of its customers has been compromised after the data breach at Red Hat in September. […] Bill Toulas Go to bleepingcomputer

Malicious npm package steals WhatsApp accounts and messages A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account. […] Bill Toulas Go to bleepingcomputer

Ukrainian hacker admits affiliate role in Nefilim ransomware gang A Ukrainian national pleaded guilty on Friday to conducting Nefilim ransomware attacks that targeted high-revenue businesses across the United States and other countries. […] Sergiu Gatlan Go to bleepingcomputer

Critical RCE flaw impacts over 115,000 WatchGuard firewalls Over 115,000 WatchGuard Firebox devices exposed online remain unpatched against a critical remote code execution (RCE) vulnerability actively exploited in attacks. […] Sergiu Gatlan Go to bleepingcomputer

RansomHouse upgrades encryption with multi-layered data processing The RansomHouse ransomware-as-a-service (RaaS) has recently upgraded its encryptor, switching from a relatively simple single-phase linear technique to a more complex, multi-layered method. […] Bill Toulas Go to bleepingcomputer

Microsoft 365 accounts targeted in wave of OAuth phishing attacks Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. […] Bill Toulas Go to bleepingcomputer

Over 25,000 FortiCloud SSO devices exposed to remote attacks Internet security watchdog Shadowserver has found over 25,000 Fortinet devices exposed online with FortiCloud SSO enabled, amid ongoing attacks targeting a critical authentication bypass vulnerability. […] Sergiu Gatlan Go to bleepingcomputer