Posts

Showing posts from March, 2025

VMware Workstation auto-updates broken after Broadcom URL redirect

VMware Workstation users report that the software's automatic update functionality is broken after Broadcom redirected the download URL to its generic support page, triggering certificate errors. [...] https://www.bleepingcomputer.com/news/software/vmware-workstation-auto-updates-broken-after-broadcom-url-redirect/ Posted from: this blog via Microsoft Power Automate .

OpenAI says Deep Research is coming to ChatGPT free "very soon"

OpenAI has confirmed that its powerful AI agent "Deep Research" will begin rolling out to free users "very soon." At the moment, Deep Research is available only for Plus and Enterprise customers. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-says-deep-research-is-coming-to-chatgpt-free-very-soon/ Posted from: this blog via Microsoft Power Automate .

OpenAI says Deep Research is coming to ChatGPT free "very soon"

OpenAI has confirmed that its powerful AI agent "Deep Research" will begin rolling out to free users "very soon." At the moment, Deep Research is available only for Plus and Enterprise customers. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-says-deep-research-is-coming-to-chatgpt-free-very-soon/ Posted from: this blog via Microsoft Power Automate .

Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders

Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. [...] https://www.bleepingcomputer.com/news/security/microsoft-uses-ai-to-find-flaws-in-grub2-u-boot-barebox-bootloaders/ Posted from: this blog via Microsoft Power Automate .

Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders

Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. [...] https://www.bleepingcomputer.com/news/security/microsoft-uses-ai-to-find-flaws-in-grub2-u-boot-barebox-bootloaders/ Posted from: this blog via Microsoft Power Automate .

Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders

Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. [...] https://www.bleepingcomputer.com/news/security/microsoft-uses-ai-to-find-flaws-in-grub2-u-boot-barebox-bootloaders/ Posted from: this blog via Microsoft Power Automate .

Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders

Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. [...] https://www.bleepingcomputer.com/news/security/microsoft-uses-ai-to-find-flaws-in-grub2-u-boot-barebox-bootloaders/ Posted from: this blog via Microsoft Power Automate .

Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks

A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android). [...] https://www.bleepingcomputer.com/news/security/phishing-platform-lucid-behind-wave-of-ios-android-sms-attacks/ Posted from: this blog via Microsoft Power Automate .

Hackers abuse WordPress MU-Plugins to hide malicious code

Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. [...] https://www.bleepingcomputer.com/news/security/hackers-abuse-wordpress-mu-plugins-to-hide-malicious-code/ Posted from: this blog via Microsoft Power Automate .

North Korean hackers adopt ClickFix attacks to target crypto firms

The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi). [...] https://www.bleepingcomputer.com/news/security/north-korean-hackers-adopt-clickfix-attacks-to-target-crypto-firms/ Posted from: this blog via Microsoft Power Automate .

Microsoft tests new Windows 11 tool to remotely fix boot crashes

Microsoft has begun testing a new Windows 11 tool called Quick Machine Recovery, which is designed to remotely deploy fixes for buggy drivers and configurations that prevent the operating system from starting. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-new-quick-machine-recovery-tool-to-fix-boot-crashes/ Posted from: this blog via Microsoft Power Automate .

New Crocodilus malware steals Android users’ crypto wallet keys

A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for the cryptocurrency wallet using a warning to back up the key to avoid losing access. [...] https://www.bleepingcomputer.com/news/security/new-crocodilus-malware-steals-android-users-crypto-wallet-keys/ Posted from: this blog via Microsoft Power Automate .

U.S. seized $8.2 million in crypto linked to 'Romance Baiting' scams

The U.S. Department of Justice (DOJ) has seized over $8.2 million worth of USDT (Tether) cryptocurrency that was stolen via 'romance baiting' scams. [...] https://www.bleepingcomputer.com/news/cryptocurrency/us-seized-82-million-in-crypto-linked-to-romance-baiting-scams/ Posted from: this blog via Microsoft Power Automate .

Retail giant Sam’s Club investigates Clop ransomware breach claims

​Sam's Club, an American warehouse supermarket chain owned by U.S. retail giant Walmart, is investigating claims of a Clop ransomware breach. [...] https://www.bleepingcomputer.com/news/security/retail-giant-sams-club-investigates-clop-ransomware-breach-claims/ Posted from: this blog via Microsoft Power Automate .

Phishing-as-a-service operation uses DNS-over-HTTPS for evasion

A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat, has been using the DNS over HTTPS (DoH) protocol to evade detection. [...] https://www.bleepingcomputer.com/news/security/phishing-as-a-service-operation-uses-dns-over-https-for-evasion/ Posted from: this blog via Microsoft Power Automate .

New Ubuntu Linux security bypasses require manual mitigations

Three security bypasses have been discovered in Ubuntu Linux's unprivileged user namespace restrictions, which could be enable a local attacker to exploit vulnerabilities in kernel components. [...] https://www.bleepingcomputer.com/news/security/new-ubuntu-linux-security-bypasses-require-manual-mitigations/ Posted from: this blog via Microsoft Power Automate .

Oracle Health breach compromises patient data at US hospitals

A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. [...] https://www.bleepingcomputer.com/news/security/oracle-health-breach-compromises-patient-data-at-us-hospitals/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes Remote Desktop issues caused by Windows updates

Microsoft has fixed a known issue that caused problems with Remote Desktop and RDS connections after installing Windows updates released since January 2025. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-remote-desktop-issues-caused-by-windows-updates/ Posted from: this blog via Microsoft Power Automate .

Hijacked Microsoft Stream classic domain "spams" SharePoint sites

The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. [...] https://www.bleepingcomputer.com/news/microsoft/hijacked-microsoft-stream-classic-domain-spams-sharepoint-sites/ Posted from: this blog via Microsoft Power Automate .

Hijacked Microsoft Stream classic domain "spams" SharePoint sites

The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. [...] https://www.bleepingcomputer.com/news/microsoft/hijacked-microsoft-stream-classic-domain-spams-sharepoint-sites/ Posted from: this blog via Microsoft Power Automate .

Infostealer campaign compromises 10 npm packages, targets devs

Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. [...] https://www.bleepingcomputer.com/news/security/infostealer-campaign-compromises-10-npm-packages-targets-devs/ Posted from: this blog via Microsoft Power Automate .

WhatsApp's Meta AI is now rolling out in Europe, and it can't be turned off

You can't escape AI in WhatsApp even if you are based in one of the 41 European countries. Today, more people are seeing the Meta AI chatbot being added to WhatsApp. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/whatsapps-meta-ai-is-now-rolling-out-in-europe-and-it-cant-be-turned-off/ Posted from: this blog via Microsoft Power Automate .

Vivaldi integrates Proton VPN into the browser to fight web tracking

Vivaldi has announced the integration of Proton VPN directly into its browser without requiring add-on downloads or plugin activations, allowing users to protect their data against 'Big Tech' surveillance for free. [...] https://www.bleepingcomputer.com/news/software/vivaldi-integrates-proton-vpn-into-the-browser-to-fight-web-tracking/ Posted from: this blog via Microsoft Power Automate .

Dozens of solar inverter flaws could be exploited to attack power grids

Dozens of vulnerabilities in products from three leading makers of solar inverters, Sungrow, Growatt, and SMA, could be exploited to control devices or execute code remotely on the vendor's cloud platform. [...] https://www.bleepingcomputer.com/news/security/dozens-of-solar-inverter-flaws-could-be-exploited-to-attack-power-grids/ Posted from: this blog via Microsoft Power Automate .

UK fines software provider £3.07 million for 2022 ransomware breach

The UK Information Commissioner's Office (ICO) has fined Advanced Computer Software Group Ltd £3.07 million over a 2022 ransomware attack that exposed the sensitive personal data of 79,404 people, including National Health Service (NHS) patients. [...] https://www.bleepingcomputer.com/news/security/uk-fines-software-provider-307-million-for-2022-ransomware-breach/ Posted from: this blog via Microsoft Power Automate .

Oracle customers confirm data stolen in alleged cloud breach is valid

Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. [...] https://www.bleepingcomputer.com/news/security/oracle-customers-confirm-data-stolen-in-alleged-cloud-breach-is-valid/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes printing issues caused by January Windows updates

Microsoft has fixed a known issue causing some USB printers to start printing random text after installing Windows updates released since late January 2025. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-printing-issues-caused-by-january-windows-updates/ Posted from: this blog via Microsoft Power Automate .

RedCurl cyberspies create ransomware to encrypt Hyper-V servers

A threat actor named 'RedCurl,' known for stealthy corporate espionage operations since 2018, is now using a ransomware encryptor designed to target Hyper-V virtual machines. [...] https://www.bleepingcomputer.com/news/security/redcurl-cyberspies-create-ransomware-to-encrypt-hyper-v-servers/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Recent Windows updates cause Remote Desktop issues

Microsoft says that some customers might experience Remote Desktop and RDS connection issues after installing recent Windows updates released since January 2025. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-recent-windows-updates-cause-remote-desktop-issues/ Posted from: this blog via Microsoft Power Automate .

Windows 11 update breaks Veeam recovery, causes connection errors

Microsoft and Veeam are investigating a known issue that triggers connection errors on Windows 11 24H2 systems when restoring from Veeam Recovery Media. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-update-breaks-veeam-recovery-causes-connection-errors/ Posted from: this blog via Microsoft Power Automate .

Google fixes Chrome zero-day exploited in espionage campaign

​Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian organizations. [...] https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-exploited-in-espionage-campaign/ Posted from: this blog via Microsoft Power Automate .

CrushFTP warns users to patch unauthenticated access flaw immediately

CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately. [...] https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-unauthenticated-access-flaw-immediately/ Posted from: this blog via Microsoft Power Automate .

Cloudflare R2 service outage caused by password rotation error

Cloudflare has announced that its R2 object storage and dependent services experienced an outage lasting 1 hour and 7 minutes, causing 100% write and 35% read failures globally. [...] https://www.bleepingcomputer.com/news/security/cloudflare-r2-service-outage-caused-by-password-rotation-error/ Posted from: this blog via Microsoft Power Automate .

Cloudflare R2 service outage caused by password rotation error

Cloudflare has announced that its R2 object storage and dependent services experienced an outage lasting 1 hour and 7 minutes, causing 100% write and 35% read failures globally. [...] https://www.bleepingcomputer.com/news/security/cloudflare-r2-service-outage-caused-by-password-rotation-error/ Posted from: this blog via Microsoft Power Automate .

Broadcom warns of authentication bypass in VMware Windows Tools

Broadcom released security updates today to fix a high-severity authentication bypass vulnerability in VMware Tools for Windows. [...] https://www.bleepingcomputer.com/news/security/broadcom-warns-of-authentication-bypass-in-vmware-windows-tools/ Posted from: this blog via Microsoft Power Automate .

New Windows zero-day leaks NTLM hashes, gets unofficial patch

Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer. [...] https://www.bleepingcomputer.com/news/security/new-windows-zero-day-leaks-ntlm-hashes-gets-unofficial-patch/ Posted from: this blog via Microsoft Power Automate .

EncryptHub linked to zero-day attacks targeting Windows systems

A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month. [...] https://www.bleepingcomputer.com/news/security/encrypthub-linked-to-zero-day-attacks-targeting-windows-systems/ Posted from: this blog via Microsoft Power Automate .

Browser-in-the-Browser attacks target CS2 players' Steam accounts

A new phishing campaign targets Counter-Strike 2 players utilizing Browser-in-the-Browser (BitB) attacks that display a realistic window that mimics Steam's login page. [...] https://www.bleepingcomputer.com/news/security/browser-in-the-browser-attacks-target-cs2-players-steam-accounts/ Posted from: this blog via Microsoft Power Automate .

New Android malware uses Microsoft’s .NET MAUI to evade detection

New Android malware campaigns use Microsoft's cross-platform framework .NET MAUI while disguising as legitimate services to evade detection. [...] https://www.bleepingcomputer.com/news/security/new-android-malware-uses-microsofts-net-maui-to-evade-detection/ Posted from: this blog via Microsoft Power Automate .

23andMe files for bankruptcy, customers advised to delete DNA data

​California-based genetic testing provider 23andMe has filed for Chapter 11 bankruptcy and plans to sell its assets following years of financial struggles [...] https://www.bleepingcomputer.com/news/security/23andme-files-for-bankruptcy-customers-advised-to-delete-dna-data/ Posted from: this blog via Microsoft Power Automate .

New VanHelsing ransomware targets Windows, ARM, ESXi systems

A new multi-platform ransomware-as-a-service (RaaS) operation named VanHelsing has emerged, targeting Windows, Linux, BSD, ARM, and ESXi systems. [...] https://www.bleepingcomputer.com/news/security/new-vanhelsing-ransomware-targets-windows-arm-esxi-systems/ Posted from: this blog via Microsoft Power Automate .

DrayTek routers worldwide go into reboot loops over weekend

Many Internet service providers (ISPs) worldwide are alerting customers of an outage that started Saturday night and triggered DrayTek router connectivity problems. [...] https://www.bleepingcomputer.com/news/security/draytek-routers-worldwide-go-into-reboot-loops-over-weekend/ Posted from: this blog via Microsoft Power Automate .

Chinese Weaver Ant hackers spied on telco network for 4 years

A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers.  [...] https://www.bleepingcomputer.com/news/security/chinese-weaver-ant-hackers-spied-on-telco-network-for-4-years/ Posted from: this blog via Microsoft Power Automate .

Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks

Acronis Threat Research found 2M+ malicious URLs & 5,000+ malware instances in Microsoft 365 backup data—demonstrating how built-in security isn't always enough. Don't let threats persist in your cloud data. Strengthen your defenses. [...] https://www.bleepingcomputer.com/news/security/hidden-threats-how-microsoft-365-backups-store-risks-for-future-attacks/ Posted from: this blog via Microsoft Power Automate .

Google Gemini's Astra (screen sharing) rolls out on Android for some users

At MWC 2025, Google confirmed it was working on screen and video share capabilities for Gemini Live, codenamed "Project Astra". At that time, Google promised that the feature would begin rolling out soon, and now some users have spotted it in the wild. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/google-geminis-astra-screen-sharing-rolls-out-on-android-for-some-users/ Posted from: this blog via Microsoft Power Automate .

FBI warnings are true—fake file converters do push malware

The FBI is warning that fake online document converters are being used to steal people's information and, in worst-case scenarios, lead to ransomware attacks. [...] https://www.bleepingcomputer.com/news/security/fbi-warnings-are-true-fake-file-converters-do-push-malware/ Posted from: this blog via Microsoft Power Automate .

Cloudflare now blocks all unencrypted traffic to its API endpoints

Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. [...] https://www.bleepingcomputer.com/news/security/cloudflare-now-blocks-all-unencrypted-traffic-to-its-api-endpoints/ Posted from: this blog via Microsoft Power Automate .

Microsoft Trust Signing service abused to code-sign malware

Cybercriminals are abusing Microsoft's Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. [...] https://www.bleepingcomputer.com/news/security/microsoft-trust-signing-service-abused-to-code-sign-malware/ Posted from: this blog via Microsoft Power Automate .

Coinbase was primary target of recent GitHub Actions breaches

Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. [...] https://www.bleepingcomputer.com/news/security/coinbase-was-primary-target-of-recent-github-actions-breaches/ Posted from: this blog via Microsoft Power Automate .

Oracle denies breach after hacker claims theft of 6 million data records

Oracle denies it was breached after a threat actor claimed to be selling 6 million data records allegedly stolen from the company's Oracle Cloud federated SSO login servers [...] https://www.bleepingcomputer.com/news/security/oracle-denies-data-breach-after-hacker-claims-theft-of-6-million-data-records/ Posted from: this blog via Microsoft Power Automate .

Fake Semrush ads used to steal SEO professionals’ Google accounts

A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials. [...] https://www.bleepingcomputer.com/news/security/fake-semrush-ads-used-to-steal-seo-professionals-google-accounts/ Posted from: this blog via Microsoft Power Automate .

US removes sanctions against Tornado Cash crypto mixer

The U.S. Department of Treasury announced today that it has removed sanctions against the Tornado Cash cryptocurrency mixer, which North Korean Lazarus hackers used to launder hundreds of millions stolen in multiple crypto heists. [...] https://www.bleepingcomputer.com/news/security/us-removes-sanctions-against-tornado-cash-crypto-mixer/ Posted from: this blog via Microsoft Power Automate .

Steam pulls game demo infecting Windows with info-stealing malware

Valve has removed a game titled 'Sniper: Phantom's Resolution' from the Steam store following multiple user reports that indicated its demo installer actually infected their systems with information stealing malware. [...] https://www.bleepingcomputer.com/news/security/steam-pulls-game-demo-infecting-windows-with-info-stealing-malware/ Posted from: this blog via Microsoft Power Automate .

Veeam RCE bug lets domain users hack backup servers, patch now

Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. [...] https://www.bleepingcomputer.com/news/security/veeam-rce-bug-lets-domain-users-hack-backup-servers-patch-now/ Posted from: this blog via Microsoft Power Automate .

CISA tags NAKIVO backup flaw as actively exploited in attacks

CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO's Backup & Replication software. [...] https://www.bleepingcomputer.com/news/security/cisa-tags-nakivo-backup-flaw-as-actively-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

RansomHub ransomware uses new custom Betruger backdoor in attacks

Security researchers have linked a new backdoor dubbed Betruger, deployed in several recent ransomware attacks, to an affiliate of the RansomHub operation. [...] https://www.bleepingcomputer.com/news/security/ransomhub-ransomware-uses-new-betruger-multi-function-backdoor/ Posted from: this blog via Microsoft Power Automate .

WordPress security plugin WP Ghost vulnerable to remote code execution bug

Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. [...] https://www.bleepingcomputer.com/news/security/wordpress-security-plugin-wp-ghost-vulnerable-to-remote-code-execution-bug/ Posted from: this blog via Microsoft Power Automate .

Is it time to retire 'one-off' pen tests for continuous testing?

Annual pentests can leave security gaps that attackers can exploit for months. Learn more from Outpost24 about why continuous penetration testing (PTaaS) offers real-time detection, remediation, and stronger protection. [...] https://www.bleepingcomputer.com/news/security/is-it-time-to-retire-one-off-pen-tests-for-continuous-testing/ Posted from: this blog via Microsoft Power Automate .

HellCat hackers go on a worldwide Jira hacking spree

Swiss global solutions provider Ascom has confirmed a cyberattack on its IT infrastructure as a hacker group known as Hellcat targets Jira servers worldwide using compromised credentials. [...] https://www.bleepingcomputer.com/news/security/hellcat-hackers-go-on-a-worldwide-jira-hacking-spree/ Posted from: this blog via Microsoft Power Automate .

Malware campaign 'DollyWay' breached 20,000 WordPress sites

A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. [...] https://www.bleepingcomputer.com/news/security/malware-campaign-dollyway-breached-20-000-wordpress-sites/ Posted from: this blog via Microsoft Power Automate .

Kali Linux 2025.1a released with 1 new tool, annual theme refresh

Kali Linux has released version 2025.1a, the first version of 2025, with one new tool, desktop changes, and a theme refresh. [...] https://www.bleepingcomputer.com/news/security/kali-linux-20251a-released-with-1-new-tool-annual-theme-refresh/ Posted from: this blog via Microsoft Power Automate .

Kali Linux 2025.1a released with 1 new tool, annual theme refresh

Kali Linux has released version 2025.1a, the first version of 2025, with one new tool, desktop changes, and a theme refresh. [...] https://www.bleepingcomputer.com/news/security/kali-linux-20251a-released-with-1-new-tool-annual-theme-refresh/ Posted from: this blog via Microsoft Power Automate .

Pennsylvania education union data breach hit 500,000 people

The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach. [...] https://www.bleepingcomputer.com/news/security/pennsylvania-education-union-data-breach-hit-500-000-people/ Posted from: this blog via Microsoft Power Automate .

Ukrainian military targeted in new Signal spear-phishing attacks

Ukraine's Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country's army forces. [...] https://www.bleepingcomputer.com/news/security/ukrainian-military-targeted-in-new-signal-spear-phishing-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft Exchange Online outage affects Outlook web users

​Microsoft is investigating an ongoing outage preventing Outlook on the web users from accessing their Exchange Online mailboxes. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-outage-affects-outlook-web-users/ Posted from: this blog via Microsoft Power Automate .

New Arcane infostealer infects YouTube, Discord users via game cheats

A newly discovered information-stealing malware called Arcane is stealing extensive user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers. [...] https://www.bleepingcomputer.com/news/security/new-arcane-infostealer-infects-youtube-discord-users-via-game-cheats/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes Windows update bug that uninstalled Copilot

Microsoft has fixed a bug causing the March 2025 Windows cumulative updates to mistakenly uninstall the AI-powered Copilot digital assistant from some Windows 10 and Windows 11 systems. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-update-bug-that-wiped-out-copilot/ Posted from: this blog via Microsoft Power Automate .

Click Profit blocked by the FTC over alleged e-commerce scams

The Federal Trade Commission (FTC) in the U.S. has taken action against Click Profit for allegedly deceiving consumers with false promises of guaranteed passive income through AI-powered online stores. [...] https://www.bleepingcomputer.com/news/legal/click-profit-blocked-by-the-ftc-over-alleged-e-commerce-scams/ Posted from: this blog via Microsoft Power Automate .

WhatsApp patched zero-click flaw exploited in Paragon spyware attacks

WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon's Graphite spyware following reports from security researchers at the University of Toronto's Citizen Lab. [...] https://www.bleepingcomputer.com/news/security/whatsapp-patched-zero-day-flaw-used-in-paragon-spyware-attacks/ Posted from: this blog via Microsoft Power Automate .

Why it's time for phishing prevention to move beyond email

While phishing has evolved, email security hasn't kept up. Attackers now bypass MFA & detection tools with advanced phishing kits, making credential theft harder to prevent. Learn how Push Security's browser-based security stops attacks as they happen. [...] https://www.bleepingcomputer.com/news/security/why-its-time-for-phishing-prevention-to-move-beyond-email/ Posted from: this blog via Microsoft Power Automate .

Sperm donation giant California Cryobank warns of a data breach

US sperm donor giant California Cryobank is warning customers it suffered a data breach that exposed customers' personal information. [...] https://www.bleepingcomputer.com/news/security/sperm-donation-giant-california-cryobank-warns-of-a-data-breach/ Posted from: this blog via Microsoft Power Automate .

GitHub Action hack likely led to another in cascading supply chain attack

A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets. [...] https://www.bleepingcomputer.com/news/security/github-action-hack-likely-led-to-another-in-cascading-supply-chain-attack/ Posted from: this blog via Microsoft Power Automate .

Western Alliance Bank notifies 21,899 customers of data breach

Arizona-based Western Alliance Bank is notifying nearly 22,000 customers their personal information was stolen in October after a third-party vendor's secure file transfer software was breached. [...] https://www.bleepingcomputer.com/news/security/western-alliance-bank-notifies-21-899-customers-of-data-breach/ Posted from: this blog via Microsoft Power Automate .

Malicious Android 'Vapor' apps on Google Play installed 60 million times

Over 300 malicious Android applications downloaded 60 million items from Google Play acted as adware or attempted to steal credentials and credit card information. [...] https://www.bleepingcomputer.com/news/security/malicious-android-vapor-apps-on-google-play-installed-60-million-times/ Posted from: this blog via Microsoft Power Automate .

New Windows zero-day exploited by 11 state hacking groups since 2017

At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. [...] https://www.bleepingcomputer.com/news/security/new-windows-zero-day-exploited-by-11-state-hacking-groups-since-2017/ Posted from: this blog via Microsoft Power Automate .

Google to purchase Wiz for $32 billion in cloud security play

Google has announced it entered into a definitive agreement to acquire Wiz, a leading cloud security platform, for $32 billion in an all-cash transaction. [...] https://www.bleepingcomputer.com/news/security/google-to-purchase-wiz-for-32-billion-in-cloud-security-play/ Posted from: this blog via Microsoft Power Automate .

Critical AMI MegaRAC bug can let attackers hijack, brick servers

​A new critical severity vulnerability found in American Megatrends International's MegaRAC Baseboard Management Controller (BMC) software can let attackers hijack and potentially brick vulnerable servers. [...] https://www.bleepingcomputer.com/news/security/critical-ami-megarac-bug-can-let-attackers-hijack-brick-servers/ Posted from: this blog via Microsoft Power Automate .

Blockchain gaming platform WEMIX hacked to steal $6.1 million

Blockchain gaming platform WEMIX suffered a cyberattack last month, allowing threat actors to steal 8,654,860 WEMIX tokens, valued at approximately $6,100,000 at the time. [...] https://www.bleepingcomputer.com/news/security/blockchain-gaming-platform-wemix-hacked-to-steal-61-million/ Posted from: this blog via Microsoft Power Automate .

BlackLock ransomware claims nearly 50 attacks in two months

A ransomware-as-a-service (RaaS) operation called 'BlackLock' has emerged as one of the more active ransomware operations of 2025. [...] https://www.bleepingcomputer.com/news/security/blacklock-ransomware-claims-nearly-50-attacks-in-two-months/ Posted from: this blog via Microsoft Power Automate .

Telegram CEO leaves France temporarily as criminal probe continues

French authorities have allowed Pavel Durov, Telegram's CEO and founder, to temporarily leave the country while criminal activity on the messaging platform is still under investigation. [...] https://www.bleepingcomputer.com/news/security/telegram-ceo-leaves-france-temporarily-as-criminal-probe-continues/ Posted from: this blog via Microsoft Power Automate .

Microsoft: New RAT malware used for crypto theft, reconnaissance

​Microsoft has discovered a new remote access trojan (RAT) that employs "sophisticated techniques" to avoid detection, ensure persistence, and extract sensitive information data. [...] https://www.bleepingcomputer.com/news/security/microsoft-new-rat-malware-used-for-crypto-theft-reconnaissance/ Posted from: this blog via Microsoft Power Automate .

OKX suspends DEX aggregator after Lazarus hackers try to launder funds

OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers, who recently conducted a $1.5 billion crypto heist. [...] https://www.bleepingcomputer.com/news/security/okx-suspends-dex-aggregator-after-lazarus-hackers-try-to-launder-funds/ Posted from: this blog via Microsoft Power Automate .

Supply chain attack on popular GitHub Action exposes CI/CD secrets

A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. [...] https://www.bleepingcomputer.com/news/security/supply-chain-attack-on-popular-github-action-exposes-ci-cd-secrets/ Posted from: this blog via Microsoft Power Automate .

Microsoft: March Windows updates mistakenly uninstall Copilot

​Microsoft says the March 2025 Windows cumulative updates automatically and mistakenly remove the AI-powered Copilot digital assistant from some Windows 10 and Windows 11 systems. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-march-windows-updates-mistakenly-uninstall-copilot/ Posted from: this blog via Microsoft Power Automate .

Critical RCE flaw in Apache Tomcat actively exploited in attacks

A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. [...] https://www.bleepingcomputer.com/news/security/critical-rce-flaw-in-apache-tomcat-actively-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts

A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code. [...] https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/ Posted from: this blog via Microsoft Power Automate .

Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts

Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. [...] https://www.bleepingcomputer.com/news/security/malicious-adobe-docusign-oauth-apps-target-microsoft-365-accounts/ Posted from: this blog via Microsoft Power Automate .

New Akira ransomware decryptor cracks encryptions keys using GPUs

Security researcher Yohanes Nugroho has released a decryptor for the Linux variant of Akira ransomware, which utilizes GPU power to retrieve the decryption key and unlock files for free. [...] https://www.bleepingcomputer.com/news/security/gpu-powered-akira-ransomware-decryptor-released-on-github/ Posted from: this blog via Microsoft Power Automate .

Coinbase phishing email tricks users with fake wallet migration

A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. [...] https://www.bleepingcomputer.com/news/security/coinbase-phishing-email-tricks-users-with-fake-wallet-migration/ Posted from: this blog via Microsoft Power Automate .

Week-long Exchange Online outage causes email failures, delays

Microsoft says it partially mitigated a week-long Exchange Online outage causing delays or failures when sending or receiving email messages. [...] https://www.bleepingcomputer.com/news/microsoft/week-long-exchange-online-outage-causes-email-failures-delays/ Posted from: this blog via Microsoft Power Automate .

Cisco IOS XR vulnerability lets attackers crash BGP on routers

Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. [...] https://www.bleepingcomputer.com/news/security/cisco-vulnerability-lets-attackers-crash-bgp-on-ios-xr-routers/ Posted from: this blog via Microsoft Power Automate .

Suspected LockBit ransomware dev extradited to United States

A dual Russian-Israeli national, suspected of being a key developer for the LockBit ransomware operation, has been extradited to the United States to face charges. [...] https://www.bleepingcomputer.com/news/security/suspected-lockbit-ransomware-dev-extradited-to-united-states/ Posted from: this blog via Microsoft Power Automate .

Microsoft apologizes for removing VSCode extensions used by millions

Microsoft has reinstated the 'Material Theme - Free' and 'Material Theme Icons - Free' extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn't actually malicious. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-apologizes-for-removing-vscode-extensions-used-by-millions/ Posted from: this blog via Microsoft Power Automate .

Microsoft apologizes for removing VSCode extensions used by millions

Microsoft has reinstated the 'Material Theme - Free' and 'Material Theme Icons - Free' extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn't actually malicious. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-apologizes-for-removing-vscode-extensions-used-by-millions/ Posted from: this blog via Microsoft Power Automate .

New SuperBlack ransomware exploits Fortinet auth bypass flaws

A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. [...] https://www.bleepingcomputer.com/news/security/new-superblack-ransomware-exploits-fortinet-auth-bypass-flaws/ Posted from: this blog via Microsoft Power Automate .

Microsoft says button to restore classic Outlook is broken

​Microsoft is investigating a known issue that causes the new Outlook email client to crash when users click the "Go to classic Outlook" button, which should help them switch back to the classic Outlook. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-says-button-to-restore-classic-outlook-is-broken/ Posted from: this blog via Microsoft Power Automate .

GitLab patches critical authentication bypass vulnerabilities

GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. [...] https://www.bleepingcomputer.com/news/security/gitlab-patches-critical-authentication-bypass-vulnerabilities/ Posted from: this blog via Microsoft Power Automate .

ClickFix attack delivers infostealers, RATs in fake Booking.com emails

Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. [...] https://www.bleepingcomputer.com/news/security/clickfix-attack-delivers-infostealers-rats-in-fake-bookingcom-emails/ Posted from: this blog via Microsoft Power Automate .

Red Report 2025: Unmasking a 3X Spike in Credential Theft and Debunking the AI Hype

Credential theft surged 3× in a year—but AI-powered malware? More hype than reality. The Red Report 2025 by Picus Labs reveals attackers still rely on proven tactics like stealth & automation to execute the "perfect heist." [...] https://www.bleepingcomputer.com/news/security/red-report-2025-unmasking-a-3x-spike-in-credential-theft-and-debunking-the-ai-hype/ Posted from: this blog via Microsoft Power Automate .

Facebook discloses FreeType 2 flaw exploited in attacks

Facebook is warning that a FreeType vulnerability in all versions up to 2.13 can lead to arbitrary code execution, with reports that the flaw has been exploited in attacks. [...] https://www.bleepingcomputer.com/news/security/facebook-discloses-freetype-2-flaw-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

CISA: Medusa ransomware hit over 300 critical infrastructure orgs

CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month. [...] https://www.bleepingcomputer.com/news/security/cisa-medusa-ransomware-hit-over-300-critical-infrastructure-orgs/ Posted from: this blog via Microsoft Power Automate .

New North Korean Android spyware slips onto Google Play

A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. [...] https://www.bleepingcomputer.com/news/security/new-north-korean-android-spyware-slips-onto-google-play/ Posted from: this blog via Microsoft Power Automate .

Microsoft patches Windows Kernel zero-day exploited since 2023

Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-windows-kernel-zero-day-exploited-since-2023/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Recent Windows updates make USB printers print random text

Microsoft says that some USB printers will start printing random text after installing Windows updates released since late January 2025. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-usb-printers-print-random-text-after-recent-windows-updates/ Posted from: this blog via Microsoft Power Automate .

North Korean Lazarus hackers infect hundreds via npm packages

Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. [...] https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-infect-hundreds-via-npm-packages/ Posted from: this blog via Microsoft Power Automate .

North Korean Lazarus hackers infect hundreds via npm packages

Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. [...] https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-infect-hundreds-via-npm-packages/ Posted from: this blog via Microsoft Power Automate .

Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks

Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in "extremely sophisticated" attacks. [...] https://www.bleepingcomputer.com/news/apple/apple-fixes-webkit-zero-day-exploited-in-extremely-sophisticated-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws

Today is Microsoft's March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2025-patch-tuesday-fixes-7-zero-days-57-flaws/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5053598 & KB5053602 cumulative updates released

Microsoft has released Windows 11 KB5053598 and KB5053602  cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5053598-and-kb5053602-cumulative-updates-released/ Posted from: this blog via Microsoft Power Automate .

The AI race: Dark AI is in the lead, but good AI is catching up

Cybercriminals are using AI for help in planning and conducting cyberattacks—but cybersecurity vendors are fighting back. Learn from Acronis Threat Research Unit about how AI-powered security solutions are closing the gap in the battle against AI-driven cyber threats. [...] https://www.bleepingcomputer.com/news/security/the-ai-race-dark-ai-is-in-the-lead-but-good-ai-is-catching-up/ Posted from: this blog via Microsoft Power Automate .

PowerSchool previously hacked in August, months before data breach

PowerSchool has published a long-awaited CrowdStrike investigation into its massive December 2024 data breach, which determined that the company was previously hacked over 4 months earlier, in August, and then again in September. [...] https://www.bleepingcomputer.com/news/security/powerschool-previously-hacked-in-august-months-before-data-breach/ Posted from: this blog via Microsoft Power Automate .

CISA tags critical Ivanti EPM flaws as actively exploited in attacks

CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances. [...] https://www.bleepingcomputer.com/news/security/cisa-tags-critical-ivanti-epm-flaws-as-actively-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

X hit by ‘massive cyberattack’ amid Dark Storm’s DDoS claims

The Dark Storm hacktivist group claims to be behind DDoS attacks causing multiple X worldwide outages on Monday, leading the company to enable DDoS protections from Cloudflare. [...] https://www.bleepingcomputer.com/news/security/x-hit-by-massive-cyberattack-amid-dark-storms-ddos-claims/ Posted from: this blog via Microsoft Power Automate .

US govt says Americans lost record $12.5 billion to fraud in 2024

The U.S. Federal Trade Commission (FTC) said today that Americans lost a record $12.5 billion to fraud last year, a 25% increase over the previous year. [...] https://www.bleepingcomputer.com/news/security/us-govt-says-americans-lost-record-125-billion-to-fraud-in-2024/ Posted from: this blog via Microsoft Power Automate .

Microsoft shares guidance on upcoming Publisher deprecation

Microsoft has published guidance for users of Microsoft Publisher as it will no longer be supported after October 2026 and removed from Microsoft 365. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-guidance-on-upcoming-publisher-deprecation/ Posted from: this blog via Microsoft Power Automate .

Swiss critical sector faces new 24-hour cyberattack reporting rule

Switzerland's National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery. [...] https://www.bleepingcomputer.com/news/security/swiss-critical-sector-faces-new-24-hour-cyberattack-reporting-rule/ Posted from: this blog via Microsoft Power Automate .

Google paid $12 million in bug bounties last year to security researchers

Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security bugs through the company's Vulnerability Reward Program (VRP) in 2024. [...] https://www.bleepingcomputer.com/news/security/google-paid-12-million-in-bug-bounties-last-year-to-security-researchers/ Posted from: this blog via Microsoft Power Automate .

Quantum leap: Passwords in the new era of computing security

Quantum computing threatens to break traditional encryption, putting sensitive data at risk. Learn more from Specops Software about the risks of quantum computing and how to prepare for them. [...] https://www.bleepingcomputer.com/news/security/quantum-leap-passwords-in-the-new-era-of-computing-security/ Posted from: this blog via Microsoft Power Automate .

Microsoft lifts Windows 11 update block for some AutoCAD users

Microsoft has removed a compatibility hold that prevented some AutoCAD users from installing the Windows 11 2024 Update due to launch and crash issues. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-lifts-windows-11-update-block-for-some-autocad-users/ Posted from: this blog via Microsoft Power Automate .

US cities warn of wave of unpaid parking phishing texts

US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city's parking violation departments about unpaid parking invoices, that if unpaid, will incur an additional $35 fine per day. [...] https://www.bleepingcomputer.com/news/security/us-cities-warn-of-wave-of-unpaid-parking-phishing-texts/ Posted from: this blog via Microsoft Power Automate .

Developer guilty of using kill switch to sabotage employer's systems

A software developer has been found guilty of sabotaging his ex-employer's systems by running custom malware and installing a "kill switch" after being demoted at the company. [...] https://www.bleepingcomputer.com/news/security/developer-guilty-of-using-kill-switch-to-sabotage-employers-systems/ Posted from: this blog via Microsoft Power Automate .

Undocumented backdoor found in Bluetooth chip used by a billion devices

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented backdoor that could be leveraged for attacks. [...] https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/ Posted from: this blog via Microsoft Power Automate .

YouTubers extorted via copyright strikes to spread malware

Cybercriminals are sending bogus copyright claims to YouTubers to coerce them into promoting malware and cryptocurrency miners on their videos. [...] https://www.bleepingcomputer.com/news/security/youtubers-extorted-via-copyright-strikes-to-spread-malware/ Posted from: this blog via Microsoft Power Automate .

US seizes $23 million in crypto stolen via password manager breach

U.S. authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack. [...] https://www.bleepingcomputer.com/news/security/us-seizes-23-million-in-crypto-stolen-via-password-manager-breach/ Posted from: this blog via Microsoft Power Automate .

US seizes $23 million in crypto stolen via password manager breach

U.S. authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack. [...] https://www.bleepingcomputer.com/news/security/us-seizes-23-million-in-crypto-stolen-via-password-manager-breach/ Posted from: this blog via Microsoft Power Automate .

Unpatched Edimax IP camera flaw actively exploited in botnet attacks

A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. [...] https://www.bleepingcomputer.com/news/security/unpatched-edimax-ip-camera-flaw-actively-exploited-in-botnet-attacks/ Posted from: this blog via Microsoft Power Automate .

Employee charged with stealing unreleased movies, sharing them online

A Memphis man was arrested and charged with stealing DVDs and Blu-ray discs of unreleased movies and sharing ripped digital copies online before their release. [...] https://www.bleepingcomputer.com/news/security/employee-charged-with-stealing-unreleased-movies-sharing-them-online/ Posted from: this blog via Microsoft Power Automate .

US charges Garantex admins with money laundering, sanctions violations

The administrators of the Russian Garantex crypto-exchange have been charged in the United States with facilitating money laundering for criminal organizations and violating sanctions. [...] https://www.bleepingcomputer.com/news/security/us-charges-garantex-admins-with-money-laundering-sanctions-violations/ Posted from: this blog via Microsoft Power Automate .

Microsoft: North Korean hackers join Qilin ransomware gang

Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of attacks. [...] https://www.bleepingcomputer.com/news/security/microsoft-north-korean-hackers-now-deploying-qilin-ransomware/ Posted from: this blog via Microsoft Power Automate .

Microsoft says malvertising campaign impacted 1 million PCs

​Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide. [...] https://www.bleepingcomputer.com/news/security/microsoft-says-malvertising-campaign-impacted-1-million-pcs/ Posted from: this blog via Microsoft Power Automate .

Microsoft says malvertising campaign impacted 1 million PCs

​Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide. [...] https://www.bleepingcomputer.com/news/security/microsoft-says-malvertising-campaign-impacted-1-million-pcs/ Posted from: this blog via Microsoft Power Automate .

Akira ransomware encrypted network from a webcam to bypass EDR

The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows. [...] https://www.bleepingcomputer.com/news/security/akira-ransomware-encrypted-network-from-a-webcam-to-bypass-edr/ Posted from: this blog via Microsoft Power Automate .

US seizes domain of Garantex crypto exchange used by ransomware gangs

The U.S. Secret Service has seized the domain of the sanctioned Russian cryptocurrency exchange Garantex in collaboration with the Department of Justice's Criminal Division, the FBI, and Europol. [...] https://www.bleepingcomputer.com/news/security/us-seizes-domain-of-garantex-crypto-exchange-used-by-ransomware-gangs/ Posted from: this blog via Microsoft Power Automate .

Cybercrime 'crew' stole $635,000 in Taylor Swift concert tickets

New York prosecutors say that two people working at a third-party contractor for the StubHub online ticket marketplace made $635,000 after almost 1,000 concert tickets and reselling them online. [...] https://www.bleepingcomputer.com/news/security/cybercrime-crew-stole-635-000-in-taylor-swift-concert-tickets/ Posted from: this blog via Microsoft Power Automate .

Ethereum private key stealer on PyPI downloaded over 1,000 times

A malicious Python Package Index (PyPI)  package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain. [...] https://www.bleepingcomputer.com/news/security/ethereum-private-key-stealer-on-pypi-downloaded-over-1-000-times/ Posted from: this blog via Microsoft Power Automate .

Microsoft 365 apps will prompt users to back up files in OneDrive

Starting mid-March 2025, Microsoft will start prompting users of its Microsoft 365 apps for Windows to back up their files to OneDrive. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-365-apps-will-prompt-users-to-back-up-files-in-onedrive/ Posted from: this blog via Microsoft Power Automate .

Over 37,000 VMware ESXi servers vulnerable to ongoing attacks

Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. [...] https://www.bleepingcomputer.com/news/security/over-37-000-vmware-esxi-servers-vulnerable-to-ongoing-attacks/ Posted from: this blog via Microsoft Power Automate .

Malicious Chrome extensions can spoof password managers in new attack

A newly devised "polymorphic" attack allows malicious Chrome extensions to morph into browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. [...] https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-can-spoof-password-managers-in-new-attack/ Posted from: this blog via Microsoft Power Automate .

Open-source tool 'Rayhunter' helps users detect Stingray attacks

The Electronic Frontier Foundation (EFF) has released a free, open-source tool named Rayhunter that is designed to detect cell-site simulators (CSS), also known as IMSI catchers or Stingrays. [...] https://www.bleepingcomputer.com/news/security/open-source-tool-rayhunter-helps-users-detect-stingray-attacks/ Posted from: this blog via Microsoft Power Automate .

Open-source tool 'Rayhunter' helps users detect Stingray attacks

The Electronic Frontier Foundation (EFF) has released a free, open-source tool named Rayhunter that is designed to detect cell-site simulators (CSS), also known as IMSI catchers or Stingrays. [...] https://www.bleepingcomputer.com/news/security/open-source-tool-rayhunter-helps-users-detect-stingray-attacks/ Posted from: this blog via Microsoft Power Automate .

Open-source tool 'Rayhunter' helps users detect Stingray attacks

The Electronic Frontier Foundation (EFF) has released a free, open-source tool named Rayhunter that is designed to detect cell-site simulators (CSS), also known as IMSI catchers or Stingrays. [...] https://www.bleepingcomputer.com/news/security/open-source-tool-rayhunter-helps-users-detect-stingray-attacks/ Posted from: this blog via Microsoft Power Automate .

Silk Typhoon hackers now target IT supply chains to breach networks

Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. [...] https://www.bleepingcomputer.com/news/security/silk-typhoon-hackers-now-target-it-supply-chains-to-breach-networks/ Posted from: this blog via Microsoft Power Automate .

US charges Chinese hackers linked to critical infrastructure breaches

The US Justice Department has charged Chinese state security officers along with APT27 and i-Soon hackers for network breaches and cyberattacks that have targeted victims globally since 2011. [...] https://www.bleepingcomputer.com/news/security/us-charges-chinese-hackers-linked-to-critical-infrastructure-breaches/ Posted from: this blog via Microsoft Power Automate .

BadBox malware disrupted on 500K infected Android devices

The BadBox Android malware botnet has been disrupted again by removing 24 malicious apps from Google Play and sinkholing communications for half a million infected devices. [...] https://www.bleepingcomputer.com/news/security/badbox-malware-disrupted-on-500k-infected-android-devices/ Posted from: this blog via Microsoft Power Automate .

Look up: The new frontier of cyberthreats is in the sky

With increased unidentified drone sightings worldwide, some are concerned they pose a cybersecurity risk. Learn more from Acronis about these risks and a real attack on a Taiwan drone manufacturer. [...] https://www.bleepingcomputer.com/news/security/look-up-the-new-frontier-of-cyberthreats-is-in-the-sky/ Posted from: this blog via Microsoft Power Automate .

YouTube warns of AI-generated video of its CEO used in phishing attacks

YouTube warns that scammers are using an AI-generated video featuring the company's CEO in phishing attacks to steal creators' credentials. [...] https://www.bleepingcomputer.com/news/security/youtube-warns-of-ai-generated-video-of-its-ceo-used-in-phishing-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware

New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks. [...] https://www.bleepingcomputer.com/news/security/microsoft-teams-tactics-malware-connect-black-basta-cactus-ransomware/ Posted from: this blog via Microsoft Power Automate .

New Eleven11bot botnet infects 86,000 devices for DDoS attacks

A new botnet malware named 'Eleven11bot' has infected over 86,000 IoT devices, primarily security cameras and network video recorders (NVRs), to conduct DDoS attacks. [...] https://www.bleepingcomputer.com/news/security/new-eleven11bot-botnet-infects-86-000-devices-for-ddos-attacks/ Posted from: this blog via Microsoft Power Automate .

Cisco warns of Webex for BroadWorks flaw exposing credentials

Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. [...] https://www.bleepingcomputer.com/news/security/cisco-warns-of-webex-for-broadworks-flaw-exposing-credentials/ Posted from: this blog via Microsoft Power Automate .

New polyglot malware hits aviation, satellite communication firms

A previously undocumented polyglot malware is being deployed in attacks against aviation, satellite communication, and critical transportation organizations in the United Arab Emirates. [...] https://www.bleepingcomputer.com/news/security/new-polyglot-malware-hits-aviation-satellite-communication-firms/ Posted from: this blog via Microsoft Power Automate .

Polish Space Agency offline as it recovers from cyberattack

​The Polish Space Agency (POLSA) has been offline since it disconnected its systems from the Internet over the weekend to contain a breach of its IT infrastructure. [...] https://www.bleepingcomputer.com/news/security/polish-space-agency-offline-as-it-recovers-from-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Hunters International ransomware claims attack on Tata Technologies

The Hunters International ransomware gang has claimed responsibility for a January cyberattack attack on Tata Technologies, stating they stole 1.4TB of data from the company. [...] https://www.bleepingcomputer.com/news/security/hunters-international-ransomware-claims-attack-on-tata-technologies/ Posted from: this blog via Microsoft Power Automate .

Rubrik rotates authentication keys after log server breach

Rubrik disclosed last month that one of its servers hosting log files was breached, causing the company to rotate potentially leaked authentication keys. [...] https://www.bleepingcomputer.com/news/security/rubrik-rotates-authentication-keys-after-log-server-breach/ Posted from: this blog via Microsoft Power Automate .

DHS says CISA will not stop monitoring Russian cyber threats

The US Cybersecurity and Infrastructure Security Agency says that media reports about it being directed to no longer follow or report on Russian cyber activity are untrue, and its mission remains unchanged. [...] https://www.bleepingcomputer.com/news/security/dhs-says-cisa-will-not-stop-monitoring-russian-cyber-threats/ Posted from: this blog via Microsoft Power Automate .

DHS says CISA will not stop monitoring Russian cyber threats

The US Cybersecurity and Infrastructure Security Agency says that media reports about it being directed to no longer follow or report on Russian cyber activity are untrue, and its mission remains unchanged. [...] https://www.bleepingcomputer.com/news/security/dhs-says-cisa-will-not-stop-monitoring-russian-cyber-threats/ Posted from: this blog via Microsoft Power Automate .

New Microsoft 365 outage impacts Teams, causes call failures

Microsoft is investigating a new Microsoft 365 outage that is affecting Teams customers and causing call failures. [...] https://www.bleepingcomputer.com/news/microsoft/new-microsoft-365-outage-impacts-teams-causes-call-failures/ Posted from: this blog via Microsoft Power Automate .

CISA tags Windows, Cisco vulnerabilities as actively exploited

CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. [...] https://www.bleepingcomputer.com/news/security/cisa-tags-windows-and-cisco-vulnerabilities-as-actively-exploited/ Posted from: this blog via Microsoft Power Automate .

New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint

A newly uncovered ClickFix phishing campaign is tricking victims into executing malicious PowerShell commands that deploy the Havok post-exploitation framework for remote access to compromised devices. [...] https://www.bleepingcomputer.com/news/security/new-clickfix-attack-deploys-havoc-c2-via-microsoft-sharepoint/ Posted from: this blog via Microsoft Power Automate .

UK watchdog probes TikTok and Reddit over child privacy concerns

On Monday, the United Kingdom's privacy watchdog announced that it is investigating TikTok, Reddit, and Imgur because of privacy concerns about how they are processing children's data. [...] https://www.bleepingcomputer.com/news/security/uk-watchdog-probes-tiktok-and-reddit-over-child-privacy-concerns/ Posted from: this blog via Microsoft Power Automate .

Microsoft links recent Microsoft 365 outage to buggy update

​Microsoft says a coding issue is behind a now-resolved Microsoft 365 outage over the weekend that affected Outlook and Exchange Online authentication. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-links-recent-microsoft-365-outage-to-buggy-update/ Posted from: this blog via Microsoft Power Automate .

Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks

Microsoft had discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows. [...] https://www.bleepingcomputer.com/news/security/ransomware-gangs-exploit-paragon-partition-manager-bug-in-byovd-attacks/ Posted from: this blog via Microsoft Power Automate .