Tag: bleepingcomputer

Malicious Blender model files deliver StealC infostealing malware A Russian-linked campaign delivers the StealC V2 information stealer malware through malicious Blender files uploaded to 3D model marketplaces like CGTrader. […] Bill Toulas Go to bleepingcomputer

ClickFix attack uses fake Windows Update screen to push malware New ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside images. […] Bill Toulas Go to bleepingcomputer

Real-estate finance services giant SitusAMC breach exposes client data SitusAMC, a company that provides back-end services for top banks and lenders, disclosed on Saturday a data breach it had discovered earlier this month that impacted customer data. […] Bill Toulas Go to bleepingcomputer

SCCM and WSUS in a Hybrid World: Why It’s Time for Cloud-native Patching Hybrid work exposes the limits of SCCM and WSUS, with remote devices often missing updates and WSUS now deprecated. Action1’s cloud-native patching keeps devices updated from any location, strengthening compliance and security. […] Sponsored by Action1 Go to bleepingcomputer

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. […] Bill Toulas Go to bleepingcomputer

Enterprise password security and secrets management with Passwork 7 Passwork 7 unifies enterprise password and secrets management in a self-hosted platform. Organizations can automate credential workflows and test the full system with a free trial and up to 50% Black Friday savings. […] Sponsored by Passwork Go to bleepingcomputer

Iberia discloses customer data leak after vendor security breach Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers. The disclosure comes days after a threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the…

New Costco Gold Star Members also get a $40 Digital Costco Shop Card The holidays can be hard on any budget, but there may be a way to make it a little easier. Instead of dashing through the snow all around town, get all your shopping done under one roof at Costco. Right now, you…

WhatsApp API flaw let researchers scrape 3.5 billion accounts Researchers compiled a list of 3.5 billion WhatsApp mobile phone numbers and associated personal information by abusing a contact-discovery API that lacked rate limiting. […] Lawrence Abrams Go to bleepingcomputer

Cox Enterprises discloses Oracle E-Business Suite data breach Cox Enterprises is notifying impacted individuals of a data breach that exposed their personal data to hackers who breached the company network after exploiting a zero-day flaw in Oracle E-Business Suite. […] Bill Toulas Go to bleepingcomputer

Piecing Together the Puzzle: A Qilin Ransomware Investigation Huntress analysts reconstructed a Qilin ransomware attack from a single endpoint, using limited logs to reveal rogue ScreenConnect access, failed infostealer attempts, and the ransomware execution path. The investigation shows how validating multiple data sources can uncover activity even when visibility is reduced to a “pinhole.” […]…

CISA warns Oracle Identity Manager RCE flaw is being actively exploited The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning government agencies to patch an Oracle Identity Manager tracked as CVE-2025-61757 that has been exploited in attacks, potentially as a zero-day. […] Lawrence Abrams Go to bleepingcomputer

Grafana warns of max severity admin spoofing vulnerability Grafana Labs is warning of a maximum severity vulnerability (CVE-2025-41115) in its Enterprise product that can be exploited to treat new users as administrators or for privilege escalation. […] Bill Toulas Go to bleepingcomputer

CrowdStrike catches insider feeding information to hackers American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with hackers after they were leaked on Telegram by the Scattered Lapsus$ Hunters threat actors. […] Sergiu Gatlan Go to bleepingcomputer

Google exposes BadAudio malware used in APT24 espionage campaigns China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage campaign that recently switched to more sophisticated attack methods. […] Bill Toulas Go to bleepingcomputer

Hacker claims to steal 2.3TB data from Italian rail group, Almaviva Data from Italy’s national railway operator, the FS Italiane Group, has been exposed after a threat actor breached the organization’s IT services provider, Almaviva. […] Bill Toulas Go to bleepingcomputer

GlobalProtect VPN portals probed with 2.3 million scan sessions A major spike in malicious scanning against Palo Alto Networks GlobalProtect portals has been detected, starting on November 14, 2025. […] Bill Toulas Go to bleepingcomputer

Salesforce investigates customer data theft via Gainsight breach Salesforce says it revoked refresh tokens linked to Gainsight-published applications while investigating a new wave of data theft attacks targeting customers. […] Sergiu Gatlan Go to bleepingcomputer

New SonicWall SonicOS flaw allows hackers to crash firewalls American cybersecurity company SonicWall urged customers today to patch a high-severity SonicOS SSLVPN security flaw that can allow attackers to crash vulnerable firewalls. […] Sergiu Gatlan Go to bleepingcomputer

Sneaky2FA PhaaS kit now uses redteamers’ Browser-in-the-Browser attack Sneaky2FA, a popular among cybercriminals phishing-as-a-service (PhaaS) kit, has added Browser-in-the-Browser (BitB) capabilities, giving “customers” the option to launch highly deceptive attacks. […] Bill Toulas Go to bleepingcomputer

Fortinet warns of new FortiWeb zero-day exploited in attacks Today, Fortinet released security updates to patch a new FortiWeb zero-day vulnerability that threat actors are actively exploiting in attacks. […] Sergiu Gatlan Go to bleepingcomputer

RondoDox botnet malware now hacks servers using XWiki flaw The RondoDox botnet malware is now exploiting a critical remote code execution (RCE) flaw in XWiki Platform tracked as CVE-2025-24893. […] Bill Toulas Go to bleepingcomputer

Decades-old ‘Finger’ protocol abused in ClickFix malware attacks The decades-old “finger” command is making a comeback,, with threat actors using the protocol to retrieve remote commands to execute on Windows devices. […] Lawrence Abrams Go to bleepingcomputer

Jaguar Land Rover cyberattack cost the company over $220 million Jaguar Land Rover (JLR) published its financial results for July 1 to September 30, warning that the cost of a recent cyberattack totaled £196 million ($220 million) in the quarter. […] Bill Toulas Go to bleepingcomputer

Logitech confirms data breach after Clop extortion attack Hardware accessory giant Logitech has confirmed it suffered a data breach in a cyberattack claimed by the Clop extortion gang, which conducted Oracle E-Business Suite data theft attacks in July. […] Lawrence Abrams Go to bleepingcomputer

Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks Fortinet has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now being widely exploited. […] Sergiu Gatlan Go to bleepingcomputer

Checkout.com snubs hackers after data breach, to donate ransom instead UK financial technology company Checkout announced that the ShinyHunters threat group has breached one of its legacy cloud storage systems and is now extorting the company for a ransom. […] Bill Toulas Go to bleepingcomputer

ASUS warns of critical auth bypass flaw in DSL series routers ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models. […] Sergiu Gatlan Go to bleepingcomputer

DoorDash hit by new data breach in October exposing user information DoorDash has disclosed a data breach that hit the food delivery platform this October. Beginning yesterday evening, DoorDash, which serves millions of customers across the U.S., Canada, Australia, and New Zealand, started emailing those impacted by the newly discovered security incident. […] Ax Sharma Go to bleepingcomputer

Fortinet FortiWeb flaw with public PoC exploited to create admin users A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed devices without requiring authentication […] Lawrence Abrams Go to bleepingcomputer

Kraken ransomware benchmarks systems for optimal encryption choice The Kraken ransomware, which targets Windows, Linux/VMware ESXi systems, is testing machines to check how fast it can encrypt data without overloading them. […] Bill Toulas Go to bleepingcomputer

CISA warns of Akira ransomware Linux encryptor targeting Nutanix VMs US government agencies are warning that the Akira ransomware operation has been spotted encrypting Nutanix AHV virtual machines in attacks.  […] Lawrence Abrams Go to bleepingcomputer

Windows 11 now supports 3rd-party apps for native passkey management Microsoft announced that passwordless authentication is now easier on Windows 11 through native support for third-party passkey managers, the first ones supported being 1Password and Bitwarden. […] Bill Toulas Go to bleepingcomputer

DanaBot malware is back to infecting Windows after 6-month break The DanaBot malware has returned with a new version observed in attacks, six-months after law enforcement’s Operation Endgame disrupted its activity in May. […] Bill Toulas Go to bleepingcomputer

Extending Zero Trust to AI Agents: “Never Trust, Always Verify” Goes Autonomous As AI agents gain autonomy to act, decide, and access data, traditional Zero Trust models fall short. Token Security explains how to extend “never trust, always verify” to agentic AI with scoped access, continuous monitoring, and human accountability. […] Sponsored by Token Security…

Rhadamanthys infostealer disrupted as cybercriminals lose server access The Rhadamanthys infostealer operation has been disrupted, with numerous “customers” of the malware-as-a-service reporting that they no longer have access to their servers. […] Lawrence Abrams Go to bleepingcomputer

Hackers abuse Triofox antivirus feature to deploy remote access tools Hackers exploited a critical vulnerability and the built-in antivirus feature in Gladinet’s Triofox file-sharing and remote-access platform to achieve remote code execution with SYSTEM privileges. […] Bill Toulas Go to bleepingcomputer

APT37 hackers abuse Google Find Hub in Android data-wiping attacks North Korean hackers from the KONNI activity cluster are abusing Google’s Find Hub tool to track their targets’ GPS positions and trigger remote factory resets of Android devices. […] Bill Toulas Go to bleepingcomputer

Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide A new phishing automation platform named Quantum Route Redirect is using around 1,000 domains to steal Microsoft 365 users’ credentials. […] Bill Toulas Go to bleepingcomputer

CISA orders feds to patch Samsung zero-day used in spyware attacks CISA ordered U.S. federal agencies today to patch a critical Samsung vulnerability that has been exploited in zero-day attacks to deploy LandFall spyware on devices running WhatsApp. […] Sergiu Gatlan Go to bleepingcomputer

Yanluowang initial access broker pleaded guilty to ransomware attacks A Russian national will plead guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks that targeted at least eight U.S. companies between July 2021 and November 2022. […] Sergiu Gatlan Go to bleepingcomputer

NAKIVO Introduces v11.1 with Upgraded Disaster Recovery and MSP Features NAKIVO Backup & Replication v11.1 expands disaster recovery with real-time replication, enhanced Proxmox VE support, and granular physical backups. The update adds MSP Direct Connect for secure client management and a multilingual interface supporting seven languages. […] Sponsored by Nakivo Go to bleepingcomputer

Lost iPhone? Don’t fall for phishing texts saying it was found The Swiss National Cyber Security Centre (NCSC) is warning iPhone owners about a phishing scam that claims to have found your lost or stolen iPhone but is actually trying to steal your Apple ID credentials. […] Lawrence Abrams Go to bleepingcomputer

Dangerous runC flaws could allow hackers to escape Docker containers Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system. […] Bill Toulas Go to bleepingcomputer

GlassWorm malware returns on OpenVSX with 3 new VSCode extensions The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with three new VSCode extensions that have already been downloaded over 10,000 times. […] Bill Toulas Go to bleepingcomputer

Malicious NuGet packages drop disruptive ‘time bombs’ Several malicious packages on NuGet have sabotage payloads scheduled to activate in 2027 and 2028, targeting database implementations and Siemens S7 industrial control devices. […] Bill Toulas Go to bleepingcomputer

QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own QNAP has fixed seven zero-day vulnerabilities that security researchers exploited to hack QNAP network-attached storage (NAS) devices during the Pwn2Own Ireland 2025 competition. […] Sergiu Gatlan Go to bleepingcomputer

Cisco: Actively exploited firewall flaws now abused for DoS attacks Cisco warned this week that two vulnerabilities, which have been exploited in zero-day attacks, are now being abused to force ASA and FTD firewalls into reboot loops. […] Sergiu Gatlan Go to bleepingcomputer

Continuous Purple Teaming: Turning Red-Blue Rivalry into Real Defense Red and blue teams often operate independently, but attackers don’t. Picus Security shows how continuous purple teaming and BAS turn red-blue rivalry into real defense, validating controls and closing gaps in real time. […] Sponsored by Picus Security Go to bleepingcomputer

ClickFix malware attacks evolve with multi-OS support, video tutorials ClickFix attacks have evolved to feature videos that guide victims through the self-infection process, a timer to pressure targets into taking risky actions, and automatic  detection of the operating system to provide the correct commands. […] Bill Toulas Go to bleepingcomputer

Sandworm hackers use data wipers to disrupt Ukraine’s grain sector Russian state-backed hacker group Sandworm has deployed multiple data-wiping malware families in attacks targeting Ukraine’s education, government, and the grain sector, the country’s main revenue source. […] Bill Toulas Go to bleepingcomputer

Gootloader malware is back with new tricks after 7-month break The Gootloader malware loader operation has returned after a 7-month absence and is once again performing SEO poisoning to promote fake websites that distribute the malware. […] Lawrence Abrams Go to bleepingcomputer

Hyundai AutoEver America data breach exposes SSNs, drivers licenses Hyundai AutoEver America is notifying individuals that hackers breached the company’s IT environment and gained access to personal information. […] Bill Toulas Go to bleepingcomputer

Hackers exploit WordPress plugin Post SMTP to hijack admin accounts Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 WordPress sites, to take complete control by hijacking administrator accounts. […] Bill Toulas Go to bleepingcomputer

Apache OpenOffice disputes data breach claims by ransomware gang The Apache Software Foundation disputes claims that its OpenOffice project suffered an Akira ransomware attack, after the threat actors claimed to have stolen 23 GB of corporate documents. […] Lawrence Abrams Go to bleepingcomputer

Hackers exploit critical auth bypass flaw in JobMonster WordPress theme Threat actors are targeting a critical vulnerability in the JobMonster WordPress theme that allows hijacking of administrator accounts under certain conditions. […] Bill Toulas Go to bleepingcomputer

Fake Solidity VSCode extension on Open VSX backdoors developers A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel with the attacker. […] Bill Toulas Go to bleepingcomputer

US cybersecurity experts indicted for BlackCat ransomware attacks Three former employees of cybersecurity incident response companies DigitalMint and Sygnia have been indicted for allegedly hacking the networks of five U.S. companies in BlackCat (ALPHV) ransomware attacks between May 2023 and November 2023. […] Sergiu Gatlan Go to bleepingcomputer

Penn hacker claims to have stolen 1.2 million donor records in data breach A hacker has taken responsibility for last week’s University of Pennsylvania “We got hacked” email incident, saying it was a far more extensive breach that exposed data on 1.2 million donors and internal documents. […] Lawrence Abrams Go to bleepingcomputer

Open VSX rotates access tokens used in supply-chain malware attack The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted supply-chain attack. […] Bill Toulas Go to bleepingcomputer