Advertisement · 728 × 90

Posts by BleepingComputer

Preview
Cisco says critical Webex Services flaw requires customer action Cisco has released security updates to patch four critical vulnerabilities, including a fixed improper certificate validation flaw in the company's cloud-based Webex Services platform that requires further customer action. [...]
3 hours ago 1 0 0 0
Preview
Data breach at edtech giant McGraw Hill affects 13.5 million accounts The ShinyHunters extortion group has leaked data from 13.5 million McGraw Hill user accounts, stolen after breaching the company's Salesforce environment earlier this month. [...]
5 hours ago 2 0 0 0
Preview
US nationals behind DPRK IT worker 'laptop farm' sent to prison Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country, including many Fortune 500 firms. [...]
7 hours ago 1 0 0 0
Preview
Microsoft releases Windows 10 KB5082200 extended security update Microsoft has released the Windows 10 KB5082200 extended security update to fix the April 2026 Patch Tuesday vulnerabilities, including 2 zero-days. [...]
1 day ago 3 0 0 0
Preview
McGraw-Hill confirms data breach following extortion threat Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. [...]
1 day ago 2 0 0 0
Preview
5 Ways Zero Trust Maximizes Identity Security Stolen credentials remain a top breach vector, often leading to unchecked privilege escalation. Specops explains how identity-first Zero Trust limits access, enforces device trust, and blocks lateral movement. [...]
2 days ago 1 1 0 0
Preview
Analysis of one billion CISA KEV remediation records exposes limits of human-scale security Analysis of 1 billion CISA KEV remediation records reveal a breaking point for human-scale security. Qualys shows most critical flaws are exploited before defenders can patch them. [...]
6 days ago 2 0 0 0
Preview
Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. [...]
6 days ago 0 1 0 0
Preview
Microsoft: Canadian employees targeted in payroll pirate attacks A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. [...]
6 days ago 0 1 0 0
Advertisement
Preview
Google rolls out Gmail end-to-end encryption on mobile devices Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. [...]
6 days ago 1 1 0 0
Preview
When attackers already have the keys, MFA is just another door to open Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass. [...]
1 week ago 0 0 0 0
Preview
Max severity Flowise RCE vulnerability now exploited in attacks Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. [...]
1 week ago 0 1 0 0
Preview
Why Your Automated Pentesting Tool Just Hit a Wall Automated pentesting tools deliver strong early results, then quickly plateau. Picus Security explains how the "PoC cliff" leaves major attack surfaces untested and creates a dangerous validation gap. [...]
1 week ago 0 0 0 0
Preview
German authorities identify REvil and GangCrab ransomware bosses The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. [...]
1 week ago 1 1 0 0
Preview
New GPUBreach attack enables system takeover via GPU rowhammer A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. [...]
1 week ago 0 0 0 0
Preview
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. [...]
1 week ago 0 0 0 0
Preview
Microsoft fixes Classic Outlook bug causing email delivery issues Microsoft has resolved a known issue that was preventing some Classic Outlook users from sending emails via Outlook.com. [...]
1 week ago 0 0 0 0
Advertisement
Preview
Microsoft links Medusa ransomware affiliate to zero-day attacks Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. [...]
1 week ago 0 0 0 0
Preview
Drift $280M crypto theft linked to 6-month in-person operation The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building "a functioning operational presence inside the Drift ecosystem." [...]
1 week ago 0 0 0 0
Preview
CISA orders feds to patch exploited Fortinet EMS flaw by Friday The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday. [...]
1 week ago 0 0 0 0
Preview
New FortiClient EMS flaw exploited in attacks, emergency patch released Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. [...]
1 week ago 0 0 0 0
Preview
Hackers exploit React2Shell in automated credential theft campaign Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. [...]
1 week ago 1 2 0 0
Preview
Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime Threat actors are exploiting vacant homes as "drop addresses" to intercept mail and enable fraud. Flare shows how postal services and fake identities are abused to turn mail into a fraud vector. [...]
2 weeks ago 1 1 0 0
Preview
Microsoft links Classic Outlook issue to email delivery problems Microsoft is investigating a known issue that prevents some Classic Outlook users from sending emails via Outlook.com. [...]
2 weeks ago 2 0 0 1
Preview
Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability. [...]
2 weeks ago 0 0 0 0
Advertisement
Preview
Apple expands iOS 18 updates to more iPhones to block DarkSword attacks Apple has now made it possible for more iPhones still running iOS 18 to receive security updates that protect against the actively exploited DarkSword exploit kit. [...]
2 weeks ago 1 0 0 0
Preview
Hackers exploit TrueConf zero-day to push malicious software updates Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints. [...]
2 weeks ago 1 0 0 0
Preview
New EvilTokens service fuels Microsoft device code phishing attacks A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks. [...]
2 weeks ago 0 2 0 0
Preview
'NoVoice' Android malware on Google Play infected 2.3 million devices A new Android malware named NoVoice was found on Google Play, hidden in more than 50 apps that were downloaded at least 2.3 million times. [...]
2 weeks ago 2 2 0 0
Preview
Routine Access Is Powering Modern Intrusions, a New Threat Report Finds Modern intrusions increasingly start with valid credentials and routine access, not exploits. Blackpoint Cyber's upcoming threat report shows how VPN abuse, RMM tools, and social engineering drive most incidents. [...]
2 weeks ago 1 0 0 0