HPE notifies employees of data breach after Russian Office 365 hack

Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company's Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack. [...] | Continue reading


@bleepingcomputer.com | 18 hours ago

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers

Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. [...] | Continue reading


@bleepingcomputer.com | 19 hours ago

US health system notifies 882,000 patients of August 2023 breach

Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information. [...] | Continue reading


@bleepingcomputer.com | 21 hours ago

Cloudflare outage caused by botched blocking of phishing URL

An attempt to block a phishing URL in Cloudflare's R2 object storage platform backfired yesterday, triggering a widespread outage that brought down multiple services for nearly an hour. [...] | Continue reading


@bleepingcomputer.com | 22 hours ago

Microsoft shares workaround for Windows security update issues

Microsoft has shared a workaround for users affected by a known issue that blocks Windows security updates from deploying on some Windows 11 24H2 systems. [...] | Continue reading


@bleepingcomputer.com | 23 hours ago

Microsoft has finally fixed Date & Time bug in Windows 11

Windows 11's January 28 optional update has fixed a long-standing issue in Windows 11 24H2 that prevents non-admin users from changing their time zone in Date & Time Settings. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

Microsoft Edge update adds AI-powered Scareware Blocker

Microsoft Edge 133 is now rolling out globally, and it ships with several improvements, including a new scareware blocker feature. In addition, Microsoft is updating the backend of the Downloads UI with performance improvements. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

Microsoft says attackers use exposed ASP.NET keys to deploy malware

Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

British engineering firm IMI discloses breach, shares no details

British-based engineering firm IMI plc has disclosed a security breach after unknown attackers hacked into the company's systems. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

Ransomware payments fell by 35% in 2024, totalling $813,550,000

Payments to ransomware actors decreased 35% year-over-year in 2024, totaling $813.55 million, down from $1.25 billion recorded in 2023. [...] | Continue reading


@bleepingcomputer.com | 2 days ago

Hackers spoof Microsoft ADFS login pages to steal credentials

A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections. [...] | Continue reading


@bleepingcomputer.com | 2 days ago

AMD fixes bug that lets hackers load malicious microcode patches

​AMD has released mitigation and firmware updates to address a high-severity vulnerability that can be exploited to load malicious CPU microcode on unpatched devices. [...] | Continue reading


@bleepingcomputer.com | 2 days ago

CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks

The US Cybersecurity & Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies and large organizations to apply the available security updates as soon as possible. [...] | Continue reading


@bleepingcomputer.com | 2 days ago

Spain arrests suspected hacker of US and Spanish military agencies

The Spanish police have arrested a suspected hacker in Alicante for allegedly conducting 40 cyberattacks targeting critical public and private organizations, including the Guardia Civil, the Ministry of Defense, NATO, the US Army, and various universities. [...] | Continue reading


@bleepingcomputer.com | 2 days ago

How attackers abuse S3 Bucket Namesquatting — And How to Stop Them

AWS S3 bucket names are global with predictable names that can be exploited in "S3 bucket namesquatting" attacks to access or hijack S3 buckets. In this article, Varonis explains how these attacks work and how you can prevent them. [...] | Continue reading


@bleepingcomputer.com | 2 days ago

Chinese cyberspies use new SSH backdoor in network device hacks

A Chinese hacking group is hijacking the SSH daemon on network appliances by injecting malware into the process for persistent access and covert operations. [...] | Continue reading


@bleepingcomputer.com | 3 days ago

California man steals $50 million using fake investment sites, gets 7 years

A 59-year-old man from Irvine, California, was sentenced to 87 months in prison for his involvement in an investor fraud ring that stole $50 million between 2012 and October 2020. [...] | Continue reading


@bleepingcomputer.com | 3 days ago

How hackers target your Active Directory with breached VPN passwords

As the gateways to corporate networks, VPNs are an attractive target for attackers. Learn from Specops Software about how hackers use compromised VPN passwords and how you can protect your organization. [...] | Continue reading


@bleepingcomputer.com | 3 days ago

7-Zip MotW bypass exploited in zero-day attacks against Ukraine

A 7-Zip vulnerability allowing attackers to bypass the Mark of the Web (MotW) Windows security feature was exploited by Russian hackers as a zero-day since September 2024. [...] | Continue reading


@bleepingcomputer.com | 3 days ago

GrubHub data breach impacts customers, drivers, and merchants

​Food delivery company GrubHub disclosed a data breach impacting the personal information of an undisclosed number of customers, merchants, and drivers after attackers breached its systems using a service provider account. [...] | Continue reading


@bleepingcomputer.com | 4 days ago

Google fixes Android kernel zero-day exploited in attacks

The January 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability tagged as exploited in the wild. [...] | Continue reading


@bleepingcomputer.com | 4 days ago

Casio UK online store hacked to steal customer credit cards

Casio UK's e-shop at casio.co.uk was hacked to include malicious scripts that stole credit card and customer information between January 14 and 24, 2025. [...] | Continue reading


@bleepingcomputer.com | 4 days ago

DeepSeek AI tools impersonated by infostealer malware on PyPI

Threat actors are taking advantage of the rise in popularity of the DeepSeek to promote two malicious infostealer packages on the Python Package Index (PyPI), where they impersonated developer tools for the AI platform. [...] | Continue reading


@bleepingcomputer.com | 4 days ago

PyPI adds project archiving system to stop malicious updates

The Python Package Index (PyPI) has announced the introduction of 'Project Archival,' a new system that allows publishers to archive their projects, indicating to the users that no updates are to be expected. [...] | Continue reading


@bleepingcomputer.com | 5 days ago

Google says hackers abuse Gemini AI to empower their attacks

Multiple state-sponsored groups are experimenting with the AI-powered Gemini assistant from Google to increase productivity and to conduct research on potential infrastructure for attacks or for reconnaissance on targets. [...] | Continue reading


@bleepingcomputer.com | 6 days ago

Microsoft improves text contrast for all Windows Chromium browsers

​Microsoft says it improved the contrast of text rendered in all Chromium-based web browsers on Windows, making it more readable on some displays. [...] | Continue reading


@bleepingcomputer.com | 7 days ago

Indian tech giant Tata Technologies hit by ransomware attack

Tata Technologies Ltd. had to suspend some of its IT services following a ransomware attack that impacted the company network. [...] | Continue reading


@bleepingcomputer.com | 7 days ago

Globe Life data breach may impact an additional 850,000 clients

Insurance giant Globe Life finished the investigation into the data breach it suffered last June and says that the incident may have impacted an additional 850,000 customers. [...] | Continue reading


@bleepingcomputer.com | 7 days ago

Mizuno USA says hackers stayed in its network for two months

​Mizuno USA, a subsidiary of Mizuno Corporation, one of the world's largest sporting goods manufacturers, confirmed in data breach notification letters that unknown attackers stole files from its network between August and October 2024. [...] | Continue reading


@bleepingcomputer.com | 7 days ago

US healthcare provider data breach impacts 1 million patients

Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients that their personal and health information was stolen in an October breach. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

Police dismantles HeartSender cybercrime marketplace network

​Law enforcement authorities in the United States and the Netherlands have seized 39 domains and associated servers used by the HeartSender phishing gang operating out of Pakistan. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

KuCoin to pay nearly $300 million in penalties after guilty plea

KuCoin's operator, PEKEN Global Limited, pleaded guilty to operating an unlicensed money-transmitting business and agreed to pay $297 million in penalties to settle charges in the U.S. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

Backdoor found in two healthcare patient monitors, linked to IP in China

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring device, include a backdoor that quietly sends patient data to a remote IP address and downloads and executes files on the device. [.. … | Continue reading


@bleepingcomputer.com | 8 days ago

Google blocked 2.36 million risky Android apps from Play Store in 2024

Google blocked 2.3 million Android app submissions to the Play Store in 2024 due to violations of its policies that made them potentially risky for users. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

Ransomware attack disrupts New York blood donation giant

​The New York Blood Center (NYBC), one of the world's largest independent blood collection and distribution organizations, says a Sunday ransomware attack forced it to reschedule some appointments. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

DeepSeek exposes database with over 1 million chat records

DeepSeek, the Chinese AI startup known for its DeepSeek-R1 LLM model, has publicly exposed two databases containing sensitive user and operational information. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

The Advantages of Cloud-Based Remote Desktop versus RDP over VPN

Remote work is now an essential part of many businesses, requiring organizations to rethink how they provide secure and efficient access to corporate resources. Learn from TruGrid about the advantages of cloud-based RDP versus RDP over VPN, especially in the context of security, … | Continue reading


@bleepingcomputer.com | 8 days ago

Major GitHub outage affects pull requests and other services

​GitHub is mitigating an ongoing incident causing problems with multiple services, including performing pull requests, creating or viewing issues, and even viewing repositories and commits. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

New Syncjacking attack hijacks devices using Chrome extensions

A new attack called 'Browser Syncjacking' demonstrates the possibility of using a seemingly benign Chrome extension to take over a victim's device through the browser. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

Microsoft lifts Windows 11 update block for PCs with gaming issues

Microsoft has removed a safeguard hold that prevented devices with Auto HDR enabled from installing the Windows 11 2024 Update due to gaming issues. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

Police seizes Cracked and Nulled hacking forum servers, arrests suspects

Europol and German law enforcement confirmed the arrest of two suspects and the seizure of 17 servers in Operation Talent, which took down Cracked and Nulled, two of the largest hacking forums with over 10 million users. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

Time Bandit ChatGPT jailbreak bypasses safeguards on sensitive topics

A ChatGPT jailbreak flaw, dubbed "Time Bandit," allows you to bypass OpenAI's safety guidelines when asking for detailed instructions on sensitive topics, including the creation of weapons, information on nuclear topics, and malware creation. [...] | Continue reading


@bleepingcomputer.com | 9 days ago

New Aquabotv3 botnet malware targets Mitel command injection flaw

A new variant of the Mirai-based botnet malware Aquabot has been observed actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones. [...] | Continue reading


@bleepingcomputer.com | 9 days ago

Solana Pump.fun tool DogWifTool compromised to drain wallets

DogWifTools has disclosed on its official Discord channel that its software has been compromised by a supply chain attack that impacted its Windows client, infecting users with malware. [...] | Continue reading


@bleepingcomputer.com | 9 days ago

Laravel admin package Voyager vulnerable to one-click RCE flaw

Three vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution attacks. [...] | Continue reading


@bleepingcomputer.com | 9 days ago

Microsoft investigates Microsoft 365 outage affecting users, admins

Microsoft is investigating an ongoing outage preventing users and admins from accessing some Microsoft 365 services and the admin center. [...] | Continue reading


@bleepingcomputer.com | 9 days ago

FBI seizes domains for Cracked.io, Nulled.to hacking forums

The FBI has seized the domains for the infamous Cracked.io and Nulled.to hacking forums, which are known for their focus on cybercrime, password theft, cracking, and credential stuffing attacks. [...] | Continue reading


@bleepingcomputer.com | 9 days ago

Windows 11's Start menu is getting iPhone and Android integration

Windows 11's Start menu is getting a big update with full-fledged Android and iPhone integration. [...] | Continue reading


@bleepingcomputer.com | 9 days ago