Now BlueSky hit with crypto scams as it crosses 20 million users

As users are flocking to BlueSky from social media platforms like X/Twitter, so are threat actors. BleepingComputer has spotted cryptocurrency scams popping up on BlueSky just as the decentralized microblogging service surpassed 20 million users this week. [...] | Continue reading


@bleepingcomputer.com | 2 hours ago

Cyberattack at French hospital exposes health data of 750,000 patients

A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. [...] | Continue reading


@bleepingcomputer.com | 10 hours ago

MITRE shares 2024's top 25 most dangerous software weaknesses

MITRE has shared this year's top 25 list of the most common and dangerous software weaknesses behind more than 31,000 vulnerabilities disclosed between June 2023 and June 2024. [...] | Continue reading


@bleepingcomputer.com | 16 hours ago

US charges five linked to Scattered Spider cybercrime gang

The U.S. Justice Department has charged five suspects believed to be part of the financially motivated Scattered Spider cybercrime gang with conspiracy to commit wire fraud. [...] | Continue reading


@bleepingcomputer.com | 17 hours ago

Apple fixes two zero-days used in attacks on Intel-based Macs

Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

CISA tags Progress Kemp LoadMaster flaw as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

Ford investgates alleged breach following customer data leak

Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

Oracle warns of Agile PLM file disclosure flaw exploited in attacks

Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365

​Microsoft announced today that hotpatching is now also available in preview on Windows 365 and Windows 11 Enterprise 24H2 client devices. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

Helldown ransomware exploits Zyxel VPN flaw to breach networks

The new 'Helldown' ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

Botnet fueling residential proxies disrupted in cybercrime crackdown

The Ngioweb botnet, which supplies most of the 35,000 bots in the cybercriminal NSOCKS proxy service, is being disrupted as security companies block traffic to and from the two networks. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

Microsoft launches Zero Day Quest hacking event with $4 million in rewards

​Microsoft announced today at its Ignite annual conference in Chicago, Illinois, that it's expanding its bug bounty programs with Zero Day Quest, a new hacking event focusing on cloud and AI products and platforms. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

Microsoft shares more details on Windows 11 admin protection

​Microsoft has shared more details about the new Windows 11 administrator protection security feature, which is available in preview and uses Windows Hello authentication prompts to block access to critical system resources. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

Spotify abused to promote pirated software and game cheats

Spotify playlists and podcasts are being abused to push pirated software, game cheat codes, spam links, and "warez" sites. By injecting targeted keywords and links in playlist names and podcast descriptions, threat actors may benefit from boosting SEO for their dubious online pro … | Continue reading


@bleepingcomputer.com | 2 days ago

Palo Alto Networks patches two firewall zero-days used in attacks

Palo Alto Networks has finally released security updates for an actively exploited zero-day vulnerability in its Next-Generation Firewalls (NGFW). [...] | Continue reading


@bleepingcomputer.com | 2 days ago

Critical RCE bug in VMware vCenter Server now exploited in attacks

​Broadcom warned today that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw. [...] | Continue reading


@bleepingcomputer.com | 2 days ago

Fake Bitwarden ads on Facebook push info-stealing Chrome extension

Fake Bitwarden password manager advertisements on Facebook are pushing a malicious Google Chrome extension that collects and steals sensitive user data from the browser. [...] | Continue reading


@bleepingcomputer.com | 2 days ago

Fake AI video generators infect Windows, macOS with infostealers

Fake AI image and video generators infect Windows and macOS with the Lumma Stealer and AMOS information-stealing malware, used to steal credentials and cryptocurrency wallets from infected devices. [...] | Continue reading


@bleepingcomputer.com | 4 days ago

T-Mobile confirms it was hacked in recent wave of telecom breaches

T-Mobile confirms it was hacked in the wave of recently reported telecom breaches conducted by Chinese threat actors to gain access to private communications, call records, and law enforcement information requests. [...] | Continue reading


@bleepingcomputer.com | 4 days ago

GitHub projects targeted with malicious commits to frame researcher

GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and machine learning startup, was targeted in the attack, which has left many wondering abou … | Continue reading


@bleepingcomputer.com | 4 days ago

NSO Group used another WhatsApp zero-day after being sued, court docs say

Israeli surveillance firm NSO Group reportedly used multiple zero-day exploits, including an unknown one named "Erised," that leveraged WhatsApp vulnerabilities to deploy Pegasus spyware in zero-click attacks, even after getting sued. [...] | Continue reading


@bleepingcomputer.com | 5 days ago

Botnet exploits GeoVision zero-day to install Mirai malware

A malware botnet is exploiting a zero-day vulnerability in end-of-life GeoVision devices to compromise and recruit them for likely DDoS or cryptomining attacks. [...] | Continue reading


@bleepingcomputer.com | 5 days ago

Fraud network uses 4,700 fake shopping sites to steal credit cards

A financially motivated Chinese threat actor dubbed "SilkSpecter" is using thousands of fake online stores to steal the payment card details of online shoppers in the U.S. and Europe. [...] | Continue reading


@bleepingcomputer.com | 6 days ago

Hacker gets 10 years in prison for extorting US healthcare provider

Robert Purbeck, a 45-year-old man from Idaho, has been sentenced to ten years in prison for hacking at least 19 organizations in the United States, stealing the personal data of more than 132,000 people, and multiple extortion attempts. [...] | Continue reading


@bleepingcomputer.com | 6 days ago

Leaked info of 122 million linked to B2B data aggregator breach

The business contact information for 122 million people circulating since February 2024 is now confirmed to have been stolen from a B2B demand generation platform. [...] | Continue reading


@bleepingcomputer.com | 7 days ago

Microsoft patches Windows zero-day exploited in attacks on Ukraine

Suspected Russian hackers were caught exploiting a recently patched Windows vulnerability as a zero-day in ongoing attacks targeting Ukrainian entities. [...] | Continue reading


@bleepingcomputer.com | 7 days ago

US indicts Snowflake hackers who extorted $2.5 million from 3 victims

The Department of Justice has unsealed the indictment against two suspected Snowflake hackers, who breached more than 165 organizations using the services of the Snowflake cloud storage company. [...] | Continue reading


@bleepingcomputer.com | 7 days ago

New Google Pixel AI feature analyzes phone conversations for scams

Google is adding a new AI-powered scam protection feature that monitors phone call conversations on Google Pixel devices to detect patterns that warn when the caller may be a scammer. [...] | Continue reading


@bleepingcomputer.com | 7 days ago

Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues

​Microsoft has fixed several bugs that cause install, upgrade, and Blue Screen of Death (BSOD) issues on Windows Server 2025 devices with a high core count. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

Microsoft Exchange adds warning to emails abusing spoofing flaw

Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

D-Link won’t fix critical bug in 60,000 exposed EoL modems

Tens of thousands of exposed D-Link routers that have reached their end-of-life are vulnerable to a critical security issue that allows an unauthenticated remote attacker to change any user's password and take complete control of the device. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

Windows 10 KB5046613 update released with fixes for printer bugs

Microsoft has released the KB5046613 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes ten changes and fixes, including the new Microsoft account manager on the Start menu and fixes for multi-function printer issues. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws

Today is Microsoft's November 2024 Patch Tuesday, which includes security updates for 91 flaws, including four zero-days, two of which are actively exploited. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

Signal introduces convenient "call links" for private group chats

The Signal messenger application has announced a set of new features aimed at making private group chats more convenient and easier for people to join. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023

​The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

Volt Typhoon rebuilds malware botnet following FBI disruption

The Chinese state-sponsored hacking group Volt Typhoon has begun to rebuild its "KV-Botnet" malware botnet after it was disrupted by law enforcement in January, according to researchers from SecurityScorecard. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

North Korean hackers create Flutter apps to bypass macOS security

North Korean threat actors target Apple macOS systems using trojanized Notepad apps and minesweeper games created with Flutter, which are signed and notarized by legitimate Apple developer IDs. [...] | Continue reading


@bleepingcomputer.com | 9 days ago

iPhones now auto-restart to block access to encrypted data after long idle times

Apple has added a new security feature with the iOS 18.1 update released last month to ensure that iPhones automatically reboot after long idle periods to re-encrypt data and make it harder to extract. [...] | Continue reading


@bleepingcomputer.com | 9 days ago

VMware makes Workstation and Fusion free for everyone

​VMware has announced that its VMware Fusion and VMware Workstation desktop hypervisors are now free to everyone for commercial, educational, and personal use. [...] | Continue reading


@bleepingcomputer.com | 9 days ago

New Ymir ransomware partners with RustyStealer in attacks

A new ransomware family called 'Ymir' has been spotted in the wild, being introduced onto systems that were previously compromised by the RustyStealer info-stealer malware. [...] | Continue reading


@bleepingcomputer.com | 9 days ago

HIBP notifies 57 million people of Hot Topic data breach

Have I Been Pwned warns that an alleged data breach exposed the personal information of 56,904,909 accounts for Hot Topic, Box Lunch, and Torrid customers. [...] | Continue reading


@bleepingcomputer.com | 9 days ago

Amazon confirms employee data breach after vendor hack

Amazon confirmed an employee data breach after a threat actor leaked on a hacking forum what they claimed was data stolen during the MOVEit data theft attacks in May 2023. [...] | Continue reading


@bleepingcomputer.com | 9 days ago

Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools

Microsoft has finally confirmed that some Windows Server 2019 and 2022 systems were "unexpectedly" upgraded to Windows Server 2025 on devices if updates were managed using third-party patch management tools. [...] | Continue reading


@bleepingcomputer.com | 9 days ago

Halliburton reports $35 million loss after ransomware attack

Halliburton has revealed that an August ransomware attack has led to $35 million in losses after the breach caused the company to shut down IT systems and disconnect customers. [...] | Continue reading


@bleepingcomputer.com | 9 days ago

Windows 11 is adding a 'Share' button to the Start menu and Taskbar

Microsoft wants you to share content/items more frequently, so it's now adding the "Share" button everywhere, including the Start menu and even the taskbar. [...] | Continue reading


@bleepingcomputer.com | 10 days ago

Microsoft investigates OneDrive issue causing macOS app freezes

​Microsoft is investigating a newly acknowledged issue causing macOS applications to hang when opening or saving files in OneDrive. [...] | Continue reading


@bleepingcomputer.com | 10 days ago

Hackers now use ZIP file concatenation to evade detection

Hackers are targeting Windows machines using the ZIP file concatenation technique to deliver malicious payloads in compressed archives without security solutions detecting them. [...] | Continue reading


@bleepingcomputer.com | 10 days ago

Google says “Enhanced protection” feature in Chrome now uses AI

Google has quietly updated the description of one of the Chrome's security features "Enchaned protection" to confirm that it will be powered by AI in a future release. [...] | Continue reading


@bleepingcomputer.com | 11 days ago