Sam's Club, an American warehouse supermarket chain owned by U.S. retail giant Walmart, is investigating claims of a Clop ransomware breach. [...] | Continue reading
Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for "exceptional and differentiated" critical security vulnerabilities from $20,000 to $100,000. [...] | Continue reading
A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat, has been using the DNS over HTTPS (DoH) protocol to evade detection. [...] | Continue reading
A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. [...] | Continue reading
The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. [...] | Continue reading
Microsoft has released the KB5053656 preview cumulative update for Windows 11 24H2 with 38 changes, including real-time translation on AMD and Intel-powered Copilot+ PCs and fixes for authentication and blue-screen issues. [...] | Continue reading
Mozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser's sandbox on Windows systems. [...] | Continue reading
You can't escape AI in WhatsApp even if you are based in one of the 41 European countries. Today, more people are seeing the Meta AI chatbot being added to WhatsApp. [...] | Continue reading
Vivaldi has announced the integration of Proton VPN directly into its browser without requiring add-on downloads or plugin activations, allowing users to protect their data against 'Big Tech' surveillance for free. [...] | Continue reading
Dozens of vulnerabilities in products from three leading makers of solar inverters, Sungrow, Growatt, and SMA, could be exploited to control devices or execute code remotely on the vendor's cloud platform. [...] | Continue reading
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. [...] | Continue reading
Claude could be getting a ChatGPT-like Deep Research feature called Compass. You can tell Claude's Compass what you need, and the AI agent will take care of everything. [...] | Continue reading
Microsoft has fixed a known issue causing some USB printers to start printing random text after installing Windows updates released since late January 2025. [...] | Continue reading
Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian organizations. [...] | Continue reading
CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately. [...] | Continue reading
Cloudflare has announced that its R2 object storage and dependent services experienced an outage lasting 1 hour and 7 minutes, causing 100% write and 35% read failures globally. [...] | Continue reading
Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer. [...] | Continue reading
A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month. [...] | Continue reading
New Android malware campaigns use Microsoft's cross-platform framework .NET MAUI while disguising as legitimate services to evade detection. [...] | Continue reading
California-based genetic testing provider 23andMe has filed for Chapter 11 bankruptcy and plans to sell its assets following years of financial struggles [...] | Continue reading
A new multi-platform ransomware-as-a-service (RaaS) operation named VanHelsing has emerged, targeting Windows, Linux, BSD, ARM, and ESXi systems. [...] | Continue reading
A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers. [...] | Continue reading
African law enforcement authorities have arrested 306 suspects as part of 'Operation Red Card,' an INTERPOL-led international crackdown targeting cross-border cybercriminal networks. [...] | Continue reading
A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. [...] | Continue reading
Acronis Threat Research found 2M+ malicious URLs & 5,000+ malware instances in Microsoft 365 backup data—demonstrating how built-in security isn't always enough. Don't let threats persist in your cloud data. Strengthen your defenses. [...] | Continue reading
At MWC 2025, Google confirmed it was working on screen and video share capabilities for Gemini Live, codenamed "Project Astra". At that time, Google promised that the feature would begin rolling out soon, and now some users have spotted it in the wild. [...] | Continue reading
Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. [...] | Continue reading
Oracle denies it was breached after a threat actor claimed to be selling 6 million data records allegedly stolen from the company's Oracle Cloud federated SSO login servers [...] | Continue reading
A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials. [...] | Continue reading
Microsoft is investigating an Exchange Online bug causing anti-spam systems to mistakenly quarantine some users' emails. [...] | Continue reading
Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. [...] | Continue reading
CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO's Backup & Replication software. [...] | Continue reading
Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. [...] | Continue reading
Security researchers have linked a new backdoor dubbed Betruger, deployed in several recent ransomware attacks, to an affiliate of the RansomHub operation. [...] | Continue reading
Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. [...] | Continue reading
Microsoft has lifted an upgrade block that prevented Asphalt 8: Airborne players from upgrading their systems to Windows 11 24H2 due to compatibility issues. [...] | Continue reading
Annual pentests can leave security gaps that attackers can exploit for months. Learn more from Outpost24 about why continuous penetration testing (PTaaS) offers real-time detection, remediation, and stronger protection. [...] | Continue reading
Swiss global solutions provider Ascom has confirmed a cyberattack on its IT infrastructure as a hacker group known as Hellcat targets Jira servers worldwide using compromised credentials. [...] | Continue reading
A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. [...] | Continue reading
Microsoft is investigating an ongoing outage preventing Outlook on the web users from accessing their Exchange Online mailboxes. [...] | Continue reading
A newly discovered information-stealing malware called Arcane is stealing extensive user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers. [...] | Continue reading
Microsoft has fixed a bug causing the March 2025 Windows cumulative updates to mistakenly uninstall the AI-powered Copilot digital assistant from some Windows 10 and Windows 11 systems. [...] | Continue reading
The Federal Trade Commission (FTC) in the U.S. has taken action against Click Profit for allegedly deceiving consumers with false promises of guaranteed passive income through AI-powered online stores. [...] | Continue reading
WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon's Graphite spyware following reports from security researchers at the University of Toronto's Citizen Lab. [...] | Continue reading
Arizona-based Western Alliance Bank is notifying nearly 22,000 customers their personal information was stolen in October after a third-party vendor's secure file transfer software was breached. [...] | Continue reading
Over 300 malicious Android applications downloaded 60 million items from Google Play acted as adware or attempted to steal credentials and credit card information. [...] | Continue reading
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. [...] | Continue reading
Google has announced it entered into a definitive agreement to acquire Wiz, a leading cloud security platform, for $32 billion in an all-cash transaction. [...] | Continue reading