Posts

Showing posts from May, 2025

Exploit details for max severity Cisco IOS XE flaw now public

Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. [...] https://www.bleepingcomputer.com/news/security/exploit-details-for-max-severity-cisco-ios-xe-flaw-now-public/ Posted from: this blog via Microsoft Power Automate .

Hackers are exploiting critical flaw in vBulletin forum software

Two critical vulnerabilities affecting the open-source forum software vBulletin have been discovered, with one confirmed to be actively exploited in the wild. [...] https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-flaw-in-vbulletin-forum-software/ Posted from: this blog via Microsoft Power Automate .

Microsoft now testing Notepad text formatting in Windows 11

Microsoft announced today that the Windows 11 Notepad application is getting a text formatting feature supporting Markdown-style input. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-now-testing-notepad-text-formatting-in-windows-11/ Posted from: this blog via Microsoft Power Automate .

Police takes down AVCheck antivirus site used by cybercriminals

An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in the wild. [...] https://www.bleepingcomputer.com/news/security/police-takes-down-avcheck-antivirus-site-used-by-cybercriminals/ Posted from: this blog via Microsoft Power Automate .

Getting Exposure Management Right: Insights from 500 CISOs

Pentesting isn't just about finding flaws — it's about knowing which ones matter. Pentera's 2025 State of Pentesting report uncovers which assets attackers target most, where security teams are making progress, and which exposures still fly under the radar. Focus on reducing breach impact, not just breach count. [...] https://www.bleepingcomputer.com/news/security/getting-exposure-management-right-insights-from-500-cisos/ Posted from: this blog via Microsoft Power Automate .

Microsoft Authenticator now warns to export passwords before July cutoff

The Microsoft Authenticator app is now issuing notifications warning that the password autofill feature is being deprecated in July, suggesting users move to Microsoft Edge instead. [...] https://www.bleepingcomputer.com/news/security/microsoft-authenticator-now-warns-to-export-passwords-before-july-cutoff/ Posted from: this blog via Microsoft Power Automate .

Mozilla releases Firefox 139.0.1 update to fix artifacts on Nvidia GPUs

Mozilla has rolled out an emergency Firefox 139.0.1 update after the Tuesday release caused graphical artifacts on PCs with NVIDIA GPUs. [...] https://www.bleepingcomputer.com/news/software/mozilla-releases-firefox-13901-update-to-fix-artifacts-on-nvidia-gpus/ Posted from: this blog via Microsoft Power Automate .

Microsoft Authenticator now warns to export passwords before July cutoff

The Microsoft Authenticator app is now issuing notifications warning that the password autofill feature is being deprecated in July, suggesting users move to Microsoft Edge instead. [...] https://www.bleepingcomputer.com/news/security/microsoft-authenticator-now-warns-to-export-passwords-before-july-cutoff/ Posted from: this blog via Microsoft Power Automate .

Mozilla releases Firefox 139.0.1 update to fix artifacts on Nvidia GPUs

Mozilla has rolled out an emergency Firefox 139.0.1 update after the Tuesday release caused graphical artifacts on PCs with NVIDIA GPUs. [...] https://www.bleepingcomputer.com/news/software/mozilla-releases-firefox-13901-update-to-fix-artifacts-on-nvidia-gpus/ Posted from: this blog via Microsoft Power Automate .

US sanctions firm linked to cyber scams behind $200 million in losses

The U.S. Treasury Department has sanctioned Funnull Technology, a Philippines-based company that supports hundreds of thousands of malicious websites behind cyber scams linked to over $200 million in losses for Americans. [...] https://www.bleepingcomputer.com/news/security/us-sanctions-company-linked-to-hundreds-of-thousands-of-cyber-scam-sites/ Posted from: this blog via Microsoft Power Automate .

Cybercriminals exploit AI hype to spread ransomware, malware

Threat actors linked to lesser-known ransomware and malware projects now use AI tools as lures to infect unsuspecting victims with malicious payloads. [...] https://www.bleepingcomputer.com/news/security/cybercriminals-exploit-ai-hype-to-spread-ransomware-malware/ Posted from: this blog via Microsoft Power Automate .

Attackers are mapping your attack surface—are you?

Attackers are mapping your infrastructure before you even realize what's exposed. Sprocket ASM flips the script — giving you the same recon capabilities they use, plus change detection and actionable insights to close gaps fast. See your attack surface the way hackers do and beat them to it. [...] https://www.bleepingcomputer.com/news/security/attackers-are-mapping-your-attack-surface-are-you/ Posted from: this blog via Microsoft Power Automate .

Victoria’s Secret takes down website after security incident

Victoria's Secret, the fashion giant, has taken down its website and some store services because of an ongoing security incident [...] https://www.bleepingcomputer.com/news/security/victorias-secret-takes-down-website-after-security-incident/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Windows 11 might fail to start after installing KB5058405

Microsoft has confirmed that some Windows 11 systems might fail to start after installing the KB5058405 security update released during this month's Patch Tuesday. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-might-fail-to-start-after-installing-kb5058405/ Posted from: this blog via Microsoft Power Automate .

Data broker LexisNexis discloses data breach affecting 364,000 people

Data broker giant LexisNexis Risk Solutions has revealed that unknown attackers stole the personal information of over 364,000 individuals in a December breach. [...] https://www.bleepingcomputer.com/news/security/data-broker-lexisnexis-discloses-data-breach-affecting-364-000-people/ Posted from: this blog via Microsoft Power Automate .

Windows 10 KB5058481 update brings seconds back to calendar flyout

Microsoft has released the optional KB5058481 preview cumulative update for Windows 10 22H2 with seven changes, including restoring seconds to the time display in the calendar flyout for those who previously lost it. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5058481-update-brings-seconds-back-to-calendar-flyout/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5058499 update rolls out new Share and Click to Do features

​​Microsoft has released the KB5058499 preview cumulative update for Windows 11 24H2 with forty-eight new features or changes, with many gradually rolling out, such as the new Windows Share feature and tje Click to Do Preview. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5058499-update-rolls-out-new-share-and-click-to-do-features/ Posted from: this blog via Microsoft Power Automate .

APT41 malware abuses Google Calendar for stealthy C2 communication

The Chinese APT41 hacking group uses a new malware named 'ToughProgress' that abuses Google Calendar for command-and-control (C2) operations, hiding malicious activity behind a trusted cloud service. [...] https://www.bleepingcomputer.com/news/security/apt41-malware-abuses-google-calendar-for-stealthy-c2-communication/ Posted from: this blog via Microsoft Power Automate .

New PumaBot botnet brute forces SSH credentials to breach devices

A newly discovered Go-based Linux botnet malware named PumaBot is brute-forcing SSH credentials on embedded IoT devices to deploy malicious payloads. [...] https://www.bleepingcomputer.com/news/security/new-pumabot-botnet-brute-forces-ssh-credentials-to-breach-devices/ Posted from: this blog via Microsoft Power Automate .

Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor

Over 9,000 ASUS routers are compromised by a novel botnet dubbed "AyySSHush" that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys. [...] https://www.bleepingcomputer.com/news/security/botnet-hacks-9-000-plus-asus-routers-to-add-persistent-ssh-backdoor/ Posted from: this blog via Microsoft Power Automate .

Czechia blames China for Ministry of Foreign Affairs cyberattack

The Czech Republic says the Chinese-backed APT31 hacking group was behind cyberattacks targeting the country's Ministry of Foreign Affairs and critical infrastructure organizations. [...] https://www.bleepingcomputer.com/news/security/czechia-blames-china-for-ministry-of-foreign-affairs-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Microsoft introduces new Windows backup tool for businesses

Microsoft has introduced Windows Backup for Organizations, a new backup tool for enterprises that simplifies backups and makes the transition to Windows 11 easier. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-introduces-new-windows-backup-tool-for-businesses/ Posted from: this blog via Microsoft Power Automate .

Microsoft wants Windows to update all software on your PC

Microsoft has introduced a new update orchestration platform built on the existing Windows Update infrastructure, which aims to unify the updating system for all apps, drivers, and system components on Windows systems. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-wants-windows-to-update-all-software-on-your-pc/ Posted from: this blog via Microsoft Power Automate .

Apple blocked over $9 billion in App Store fraud in five years

Apple says it blocked over $9 billion in fraudulent App Store transactions over the last five years, with over $2 billion in potentially fraudulent sanctions prevented in 2024 alone. [...] https://www.bleepingcomputer.com/news/apple/apple-blocked-over-9-billion-in-apap-store-fraud-since-2020/ Posted from: this blog via Microsoft Power Automate .

DragonForce ransomware abuses MSP’s SimpleHelp RMM to encrypt customers

The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers' systems. [...] https://www.bleepingcomputer.com/news/security/dragonforce-ransomware-abuses-msps-simplehelp-rmm-to-encrypt-customers/ Posted from: this blog via Microsoft Power Automate .

Iranian pleads guilty to RobbinHood ransomware attacks, faces 30 years

An Iranian national has pleaded guilty to participating in the Robbinhood ransomware operation, which was used to breach the networks, steal data, and encrypt devices of U.S. cities and organizations in an attempt to extort millions of dollars over a five-year span. [...] https://www.bleepingcomputer.com/news/security/iranian-pleads-guilty-to-robbinhood-ransomware-attacks-faces-30-years/ Posted from: this blog via Microsoft Power Automate .

Not Every CVE Deserves a Fire Drill: Focus on What’s Exploitable

Not every "critical" vulnerability is a critical risk. Picus Exposure Validation cuts through the noise by testing what's actually exploitable in your environment — so you can patch what matters. [...] https://www.bleepingcomputer.com/news/security/not-every-cve-deserves-a-fire-drill-focus-on-whats-exploitable/ Posted from: this blog via Microsoft Power Automate .

MATLAB dev confirms ransomware attack behind service outage

MathWorks, a leading developer of mathematical computing and simulation software, has revealed that a recent ransomware attack is behind an ongoing service outage. [...] https://www.bleepingcomputer.com/news/security/mathworks-blames-ransomware-attack-for-ongoing-outages/ Posted from: this blog via Microsoft Power Automate .

Russian Void Blizzard cyberspies linked to Dutch police breach

A previously unknown Russian-backed cyberespionage group now tracked as Void Blizzard has been linked to a September 2024 Dutch police security breach. [...] https://www.bleepingcomputer.com/news/security/russian-void-blizzard-cyberspies-linked-to-dutch-police-breach/ Posted from: this blog via Microsoft Power Automate .

Windows Server emergency update fixes Hyper-V VM freezes, restart issues

Microsoft has released an emergency update to address a known issue causing some Hyper-V virtual machines with Windows Server 2022 to freeze or restart unexpectedly. [...] https://www.bleepingcomputer.com/news/microsoft/windows-server-emergency-update-fixes-hyper-v-vm-freezes-restart-issues/ Posted from: this blog via Microsoft Power Automate .

Adidas warns of data breach after customer service provider hack

German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' data. [...] https://www.bleepingcomputer.com/news/security/adidas-warns-of-data-breach-after-customer-service-provider-hack/ Posted from: this blog via Microsoft Power Automate .

Vibe coding company says Claude 4 reduced syntax errors by 25%

Lovable, which is a Vibe coding company, announced that Claude 4 has reduced its errors by 25% and made it faster by 40%. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/vibe-coding-company-says-claude-4-reduced-syntax-errors-by-25-percent/ Posted from: this blog via Microsoft Power Automate .

Vibe coding company says Claude 4 reduced syntax errors by 25%

Lovable, which is a Vibe coding company, announced that Claude 4 has reduced its errors by 25% and made it faster by 40%. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/vibe-coding-company-says-claude-4-reduced-syntax-errors-by-25-percent/ Posted from: this blog via Microsoft Power Automate .

Leak suggests xAI is getting ready to ship Grok 3.5

xAI, founded by Elon Musk, is preparing to launch Grok 3.5, the company's next state-of-the-art AI model. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/leak-suggests-xai-is-getting-ready-to-ship-grok-35/ Posted from: this blog via Microsoft Power Automate .

Leak suggests xAI is getting ready to ship Grok 3.5

xAI, founded by Elon Musk, is preparing to launch Grok 3.5, the company's next state-of-the-art AI model. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/leak-suggests-xai-is-getting-ready-to-ship-grok-35/ Posted from: this blog via Microsoft Power Automate .

ChatGPT Deep Research can now pull data from Dropbox and Box

You can now connect your Box and Dropbox accounts to Deep Research on ChatGPT and pull data, which will be used by the AI to conduct research. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-deep-research-can-now-pull-data-from-dropbox-and-box/ Posted from: this blog via Microsoft Power Automate .

ChatGPT Deep Research can now pull data from Dropbox and Box

You can now connect your Box and Dropbox accounts to Deep Research on ChatGPT and pull data, which will be used by the AI to conduct research. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-deep-research-can-now-pull-data-from-dropbox-and-box/ Posted from: this blog via Microsoft Power Automate .

Researchers claim ChatGPT o3 bypassed shutdown in controlled test

A new report claims that OpenAI's o3 model altered a shutdown script to avoid being turned off, even when explicitly instructed to allow shutdown [...] https://www.bleepingcomputer.com/news/artificial-intelligence/researchers-claim-chatgpt-o3-bypassed-shutdown-in-controlled-test/ Posted from: this blog via Microsoft Power Automate .

Researchers claim ChatGPT o3 bypassed shutdown in controlled test

A new report claims that OpenAI's o3 model altered a shutdown script to avoid being turned off, even when explicitly instructed to allow shutdown [...] https://www.bleepingcomputer.com/news/artificial-intelligence/researchers-claim-chatgpt-o3-bypassed-shutdown-in-controlled-test/ Posted from: this blog via Microsoft Power Automate .

Fake Zenmap. WinMRT sites target IT staff with Bumblebee malware

The Bumblebee malware SEO poisoning campaign uncovered earlier this week aimpersonating RVTools is using more typosquatting domainsi mimicking other popular open-source projects to infect devices used by IT staff. [...] https://www.bleepingcomputer.com/news/security/bumblebee-malware-distributed-via-zenmap-winmrt-seo-poisoning/ Posted from: this blog via Microsoft Power Automate .

OpenAI confirms Operator Agent is now more accurate with o3

OpenAI says Operator Agent now uses the o3 model, which means it's now significantly better at reasoning capabilities. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-confirms-operator-agent-is-now-more-accurate-with-o3/ Posted from: this blog via Microsoft Power Automate .

OpenAI confirms Operator Agent is now more accurate with o3

OpenAI says Operator Agent now uses the o3 model, which means it's now significantly better at reasoning capabilities. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-confirms-operator-agent-is-now-more-accurate-with-o3/ Posted from: this blog via Microsoft Power Automate .

Dozens of malicious packages on NPM collect host and network data

60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. [...] https://www.bleepingcomputer.com/news/security/dozens-of-malicious-packages-on-npm-collect-host-and-network-data/ Posted from: this blog via Microsoft Power Automate .

FBI warns of Luna Moth extortion attacks targeting law firms

The FBI warned that an extortion gang known as the Silent Ransom Group has been targeting U.S. law firms over the last two years in callback phishing and social engineering attacks. [...] https://www.bleepingcomputer.com/news/security/fbi-warns-of-luna-moth-extortion-attacks-targeting-law-firms/ Posted from: this blog via Microsoft Power Automate .

Claude 4 benchmarks show improvements, but context is still 200K

Today, OpenAI rival Anthropic announced Claude 4 models, which are significantly better than Claude 3 in benchmarks, but we're left disappointed with the same 200,000 context window limit. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/claude-4-benchmarks-show-improvements-but-context-is-still-200k/ Posted from: this blog via Microsoft Power Automate .

Claude 4 benchmarks show improvements, but context is still 200K

Today, OpenAI rival Anthropic announced Claude 4 models, which are significantly better than Claude 3 in benchmarks, but we're left disappointed with the same 200,000 context window limit. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/claude-4-benchmarks-show-improvements-but-context-is-still-200k/ Posted from: this blog via Microsoft Power Automate .

US indicts leader of Qakbot botnet linked to ransomware attacks

The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks. [...] https://www.bleepingcomputer.com/news/security/us-indicts-leader-of-qakbot-botnet-linked-to-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

Hackers use fake Ledger apps to steal Mac users’ seed phrases

Cybercriminal campaigns are using fake Ledger apps to target macOS users and their digital assets by deploying malware that attempts to steal seed phrases that protect access to digital cryptocurrency wallets. [...] https://www.bleepingcomputer.com/news/security/hackers-use-fake-ledger-apps-to-steal-mac-users-seed-phrases/ Posted from: this blog via Microsoft Power Automate .

Police arrests 270 dark web vendors, buyers in global crackdown

Police arrested 270 suspects following an international law enforcement action codenamed 'Operation RapTor' that targeted dark web vendors and customers from ten countries. [...] https://www.bleepingcomputer.com/news/security/police-arrests-270-dark-web-vendors-buyers-in-global-crackdown/ Posted from: this blog via Microsoft Power Automate .

Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies

Chinese hackers have been exploiting a remote code execution flaw in Ivanti Endpoint Manager Mobile (EPMM) to breach high-profile organizations worldwide. [...] https://www.bleepingcomputer.com/news/security/ivanti-epmm-flaw-exploited-by-chinese-hackers-to-breach-govt-agencies/ Posted from: this blog via Microsoft Power Automate .

Chinese hackers breach US local governments using Cityworks zero-day

Chinese-speaking hackers have exploited a now-patched Trimble Cityworks zero-day to breach multiple local governing bodies across the United States. [...] https://www.bleepingcomputer.com/news/security/chinese-hackers-breach-us-local-governments-using-cityworks-zero-day/ Posted from: this blog via Microsoft Power Automate .

Anthropic web config hints at Claude Sonnet 4 and Opus 4

Anthropic is secretly working on two new models called Claude Sonnet 4 and Opus 4, which are believed to be the company's most advanced AI models. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/anthropic-web-config-hints-at-claude-sonnet-4-and-opus-4/ Posted from: this blog via Microsoft Power Automate .

Anthropic web config hints at Claude Sonnet 4 and Opus 4

Anthropic is secretly working on two new models called Claude Sonnet 4 and Opus 4, which are believed to be the company's most advanced AI models. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/anthropic-web-config-hints-at-claude-sonnet-4-and-opus-4/ Posted from: this blog via Microsoft Power Automate .

OpenAI hints at a big upgrade for ChatGPT Operator Agent

ChatGPT's Operator, which is still in research preview, will soon become a "very useful tool," according to Jerry Tworek, VP of Research at OpenAI. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-hints-at-a-big-upgrade-for-chatgpt-operator-agent/ Posted from: this blog via Microsoft Power Automate .

OpenAI hints at a big upgrade for ChatGPT Operator Agent

ChatGPT's Operator, which is still in research preview, will soon become a "very useful tool," according to Jerry Tworek, VP of Research at OpenAI. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-hints-at-a-big-upgrade-for-chatgpt-operator-agent/ Posted from: this blog via Microsoft Power Automate .

Critical Samlify SSO flaw lets attackers log in as admin

A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses. [...] https://www.bleepingcomputer.com/news/security/critical-samlify-sso-flaw-lets-attackers-log-in-as-admin/ Posted from: this blog via Microsoft Power Automate .

Russian hackers breach orgs to track aid routes to Ukraine

A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. [...] https://www.bleepingcomputer.com/news/security/russian-hackers-breach-orgs-to-track-aid-routes-to-ukraine/ Posted from: this blog via Microsoft Power Automate .

Russia to enforce location tracking app on all foreigners in Moscow

The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. [...] https://www.bleepingcomputer.com/news/government/russia-to-enforce-location-tracking-app-on-all-foreigners-in-moscow/ Posted from: this blog via Microsoft Power Automate .

3AM ransomware uses spoofed IT calls, email bombing to breach networks

A 3AM ransomware affiliate is conducting highly targeted attacks using email bombing and spoofed IT support calls to socially engineer employees into giving credentials for remote access to corporate systems. [...] https://www.bleepingcomputer.com/news/security/3am-ransomware-uses-spoofed-it-calls-email-bombing-to-breach-networks/ Posted from: this blog via Microsoft Power Automate .

Lumma infostealer malware operation disrupted, 2,300 domains seized

Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands of domains, part of its infrastructure backbone worldwide. [...] https://www.bleepingcomputer.com/news/security/lumma-infostealer-malware-operation-disrupted-2-300-domains-seized/ Posted from: this blog via Microsoft Power Automate .

Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs

A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly. [...] https://www.bleepingcomputer.com/news/security/data-stealing-chrome-extensions-impersonate-fortinet-youtube-vpns/ Posted from: this blog via Microsoft Power Automate .

ThreatLocker Patch Management: A Security-First Approach to Closing Vulnerability Windows

Patching is basic cyber hygiene — but executing it at scale, securely, and fast? That's the real challenge. ThreatLocker's Patch Management flips the script with control, visibility, and Zero Trust workflows built for today's threat landscape. [...] https://www.bleepingcomputer.com/news/security/threatlocker-patch-management-a-security-first-approach-to-closing-vulnerability-windows/ Posted from: this blog via Microsoft Power Automate .

PowerSchool hacker pleads guilty to student data extortion scheme

A 19-year-old college student from Worcester, Massachusetts, has agreed to plead guilty to a massive cyberattack on PowerSchool that extorted millions of dollars in exchange for not leaking the personal data of millions of students and teachers. [...] https://www.bleepingcomputer.com/news/security/powerschool-hacker-pleads-guilty-to-student-data-extortion-scheme/ Posted from: this blog via Microsoft Power Automate .

Mobile carrier Cellcom confirms cyberattack behind extended outages

Wisconsin wireless provider Cellcom has confirmed that a cyberattack is responsible for the widespread service outage and disruptions that began on the evening of May 14, 2025. [...] https://www.bleepingcomputer.com/news/security/mobile-carrier-cellcom-confirms-cyberattack-behind-extended-outages/ Posted from: this blog via Microsoft Power Automate .

Mobile carrier Cellcom confirms cyberattack behind extended outages

Wisconsin wireless provider Cellcom has confirmed that a cyberattack is responsible for the widespread service outage and disruptions that began on the evening of May 14, 2025. [...] https://www.bleepingcomputer.com/news/security/mobile-carrier-cellcom-confirms-cyberattack-behind-extended-outages/ Posted from: this blog via Microsoft Power Automate .

Premium WordPress 'Motors' theme vulnerable to admin takeover attacks

A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete control of websites. [...] https://www.bleepingcomputer.com/news/security/premium-wordpress-motors-theme-vulnerable-to-admin-takeover-attacks/ Posted from: this blog via Microsoft Power Automate .

VanHelsing ransomware builder leaked on hacking forum

The VanHelsing ransomware-as-a-service operation published the source code for its affiliate panel, data leak blog, and Windows encryptor builder after an old developer tried to sell it on the RAMP cybercrime forum. [...] https://www.bleepingcomputer.com/news/security/vanhelsing-ransomware-builder-leaked-on-hacking-forum/ Posted from: this blog via Microsoft Power Automate .

SK Telecom says malware breach lasted 3 years, impacted 27 million numbers

SK Telecom says that a recently disclosed cybersecurity incident in April, first occurred all the way back in 2022, ultimately exposing the USIM data of 27 million subscribers. [...] https://www.bleepingcomputer.com/news/security/sk-telecom-says-malware-breach-lasted-3-years-impacted-27-million-numbers/ Posted from: this blog via Microsoft Power Automate .

Hazy Hawk gang exploits DNS misconfigs to hijack trusted domains

A threat actor named 'Hazy Hawk' has been using DNS CNAME hijacking to hijack abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam delivery and traffic distribution systems (TDS). [...] https://www.bleepingcomputer.com/news/security/hazy-hawk-gang-exploits-dns-misconfigs-to-hijack-trusted-domains/ Posted from: this blog via Microsoft Power Automate .

Service desks are under attack: What can you do about it?

Service desks are on the front lines of defense—and attackers know it. Attackers are using social engineering attacks to trick agents into changing passwords, disabling MFA, and granting access. Learn more from Specops Software on how to secure your service desk. [...] https://www.bleepingcomputer.com/news/security/service-desks-are-under-attack-what-can-you-do-about-it/ Posted from: this blog via Microsoft Power Automate .

OpenAI plans to combine multiple models into GPT-5

OpenAI is planning to combine multiple products (features or models) into its next foundational model, which is called GPT-5. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-plans-to-combine-multiple-models-into-gpt-5/ Posted from: this blog via Microsoft Power Automate .

OpenAI plans to combine multiple models into GPT-5

OpenAI is planning to combine multiple products (features or models) into its next foundational model, which is called GPT-5. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-plans-to-combine-multiple-models-into-gpt-5/ Posted from: this blog via Microsoft Power Automate .

Fake KeePass password manager leads to ESXi ransomware attack

Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network. [...] https://www.bleepingcomputer.com/news/security/fake-keepass-password-manager-leads-to-esxi-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

O2 UK patches bug leaking mobile user location from call metadata

A flaw in O2 UK's implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target. [...] https://www.bleepingcomputer.com/news/security/o2-uk-patches-bug-leaking-mobile-user-location-from-call-metadata/ Posted from: this blog via Microsoft Power Automate .

Microsoft unveils Windows AI Foundry for AI-powered PC apps

Microsoft is replacing 'Copilot Runtime' with Windows AI Foundry to help developers build, experiment, and reach users with AI experiences in their apps. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-unveils-windows-ai-foundry-for-ai-powered-pc-apps/ Posted from: this blog via Microsoft Power Automate .

Microsoft open-sources Windows Subsystem for Linux at Build 2025

Microsoft has open-sourced the Windows Subsystem for Linux (WSL), making its source code available on GitHub, except for a few components that are part of Windows. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-open-sources-windows-subsystem-for-linux-at-build-2025/ Posted from: this blog via Microsoft Power Automate .

UK Legal Aid Agency confirms applicant data stolen in data breach

The United Kingdom's Legal Aid Agency (LAA) has confirmed that a recent cyberattack is more serious than first believed, with hackers stealing a large trove of sensitive applicant data in a data breach. [...] https://www.bleepingcomputer.com/news/security/uk-legal-aid-agency-confirms-applicant-data-stolen-in-data-breach/ Posted from: this blog via Microsoft Power Automate .

Mozilla fixes Firefox zero-days exploited at hacking contest

Mozilla released emergency security updates to address two Firefox zero-day vulnerabilities demonstrated in the recent Pwn2Own Berlin 2025 hacking competition. [...] https://www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-zero-days-exploited-at-hacking-contest/ Posted from: this blog via Microsoft Power Automate .

Hackers earn $1,078,750 for 28 zero-days at Pwn2Own Berlin

The Pwn2Own Berlin 2025 hacking competition has concluded, with security researchers earning $1,078,750 after exploiting 29 zero-day vulnerabilities and encountering some bug collisions. [...] https://www.bleepingcomputer.com/news/security/hackers-earn-1-078-750-for-28-zero-days-at-pwn2own-berlin/ Posted from: this blog via Microsoft Power Automate .

New 'Defendnot' tool tricks Windows into disabling Microsoft Defender

A new tool called 'Defendnot' can disable Microsoft Defender on Windows devices by registering a fake antivirus product, even when no real AV is installed. [...] https://www.bleepingcomputer.com/news/microsoft/new-defendnot-tool-tricks-windows-into-disabling-microsoft-defender/ Posted from: this blog via Microsoft Power Automate .

Microsoft confirms May Windows 10 updates trigger BitLocker recovery

​Microsoft has confirmed that some Windows 10 and Windows 10 Enterprise LTSC 2021 systems will boot into BitLocker recovery after installing the May 2025 security updates. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-may-windows-10-updates-trigger-bitlocker-recovery/ Posted from: this blog via Microsoft Power Automate .

Israel arrests new suspect behind Nomad Bridge $190M crypto hack

An American-Israeli national named Osei Morrell has been arrested in Israel for his alleged involvement in exploiting the Nomad bridge smart-contract in August 2022 that allowed hackers to siphon $190 million. [...] https://www.bleepingcomputer.com/news/legal/israel-arrests-new-suspect-behind-nomad-bridge-190m-crypto-hack/ Posted from: this blog via Microsoft Power Automate .

ChatGPT rolls out Codex, an AI tool for software programming

OpenAI is rolling out 'Codex' for ChatGPT, which is an AI agent that automates and delegates programming tasks for software engineers. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-rolls-out-codex-an-ai-tool-for-software-programming/ Posted from: this blog via Microsoft Power Automate .

Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own

During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. [...] https://www.bleepingcomputer.com/news/security/hackers-exploit-vmware-esxi-microsoft-sharepoint-zero-days-at-pwn2own/ Posted from: this blog via Microsoft Power Automate .

Leak confirms OpenAI's ChatGPT will integrate MCP

ChatGPT is testing support for Model Context Protocol (MCP), which will allow the AI to connect to third-party services and use them as context. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/leak-confirms-openais-chatgpt-will-integrate-mcp/ Posted from: this blog via Microsoft Power Automate .

Leak confirms OpenAI's ChatGPT will integrate MCP

ChatGPT is testing support for Model Context Protocol (MCP), which will allow the AI to connect to third-party services and use them as context. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/leak-confirms-openais-chatgpt-will-integrate-mcp/ Posted from: this blog via Microsoft Power Automate .

ChatGPT will soon record, transcribe, and summarize your meetings

OpenAI may be planning to challenge Microsoft Teams Copilot integration with a new "Record" feature in ChatGPT. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-will-soon-record-transcribe-and-summarize-your-meetings/ Posted from: this blog via Microsoft Power Automate .

ChatGPT will soon record, transcribe, and summarize your meetings

OpenAI may be planning to challenge Microsoft Teams Copilot integration with a new "Record" feature in ChatGPT. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-will-soon-record-transcribe-and-summarize-your-meetings/ Posted from: this blog via Microsoft Power Automate .

Windows 10 KB5058379 update triggers BitLocker recovery on some devices

The Windows 10 KB5058379 cumulative update is triggering unexpected BitLocker recovery prompts on some devices afters it's installed and the computer restarted. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5058379-update-triggering-bitlocker-recovery-after-install/ Posted from: this blog via Microsoft Power Automate .

Government webmail hacked via XSS bugs in global spy campaign

Hackers are running a worldwide cyberespionage campaign dubbed 'RoundPress,' leveraging zero-day and n-day flaws in webmail servers to steal email from high-value government organizations. [...] https://www.bleepingcomputer.com/news/security/government-webmail-hacked-via-xss-bugs-in-global-spy-campaign/ Posted from: this blog via Microsoft Power Automate .

FBI: US officials targeted in voice deepfake attacks since April

The FBI warned that cybercriminals using AI-generated audio deepfakes to target U.S. officials in voice phishing attacks that started in April. [...] https://www.bleepingcomputer.com/news/security/fbi-us-officials-targeted-in-voice-deepfake-attacks-since-april/ Posted from: this blog via Microsoft Power Automate .

Nova Scotia Power confirms hackers stole customer data in cyberattack

Nova Scotia Power confirms it suffered a data breach after threat actors stole sensitive customer data in a cybersecurity incident discovered last month. [...] https://www.bleepingcomputer.com/news/security/nova-scotia-power-confirms-hackers-stole-customer-data-in-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Windows 11 and Red Hat Linux hacked on first day of Pwn2Own

On the first day of Pwn2Own Berlin 2025, security researchers were awarded $260,000 after successfully demonstrating zero-day exploits for Windows 11, Red Hat Linux, Docker Desktop, and Oracle VirtualBox. [...] https://www.bleepingcomputer.com/news/security/windows-11-and-red-hat-linux-virtualbox-hacked-on-first-day-of-pwn2own/ Posted from: this blog via Microsoft Power Automate .

New Tor Oniux tool anonymizes any Linux app's network traffic

Tor has announced Oniux, a new command-line tool for routing any Linux application securely through the Tor network for anonymized network connections. [...] https://www.bleepingcomputer.com/news/security/new-tor-oniux-tool-anonymizes-any-linux-apps-network-traffic/ Posted from: this blog via Microsoft Power Automate .

Coinbase data breach exposes customer info and government IDs

Coinbase, a cryptocurrency exchange with over 100 million customers, has disclosed that cybercriminals working with rogue support agents stole customer data and demanded a $20 million ransom not to publish the stolen information. [...] https://www.bleepingcomputer.com/news/security/coinbase-discloses-breach-faces-up-to-400-million-in-losses/ Posted from: this blog via Microsoft Power Automate .

Google fixes high severity Chrome flaw with public exploit

Google has released emergency security updates to patch a high-severity Chrome vulnerability that has a public exploit and can let attackers hijack accounts. [...] https://www.bleepingcomputer.com/news/security/google-fixes-high-severity-chrome-flaw-with-public-exploit/ Posted from: this blog via Microsoft Power Automate .

Google Chrome to block admin-level browser launches for better security

Google is rolling out a change to Chromium that "de-elevates" Google Chrome so it does not run as an administrator to increase security in Windows. [...] https://www.bleepingcomputer.com/news/google/google-chrome-to-block-admin-level-browser-launches-for-better-security/ Posted from: this blog via Microsoft Power Automate .

Google Chrome to block admin-level browser launches for better security

Google is rolling out a change to Chromium that "de-elevates" Google Chrome so it does not run as an administrator to increase security in Windows. [...] https://www.bleepingcomputer.com/news/google/google-chrome-to-block-admin-level-browser-launches-for-better-security/ Posted from: this blog via Microsoft Power Automate .

Hackers behind UK retail attacks now targeting US companies

Google warned today that hackers using Scattered Spider tactics against retail chains in the United Kingdom have also started targeting retailers in the United States. [...] https://www.bleepingcomputer.com/news/security/google-scattered-spider-switches-targets-to-us-retail-chains/ Posted from: this blog via Microsoft Power Automate .

Ransomware gangs join ongoing SAP NetWeaver attacks

Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers. [...] https://www.bleepingcomputer.com/news/security/ransomware-gangs-join-ongoing-sap-netweaver-attacks/ Posted from: this blog via Microsoft Power Automate .

Australian Human Rights Commission leaks docs to search engines

The Australian Human Rights Commission (AHRC) disclosed a data breach incident where private documents leaked online and were indexed by major search engines. [...] https://www.bleepingcomputer.com/news/security/australian-human-rights-commission-leaks-docs-to-search-engines/ Posted from: this blog via Microsoft Power Automate .

SAP patches second zero-day flaw exploited in recent attacks

SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day. [...] https://www.bleepingcomputer.com/news/security/sap-patches-second-zero-day-flaw-exploited-in-recent-attacks/ Posted from: this blog via Microsoft Power Automate .

North Korea ramps up cyberspying in Ukraine to assess war risk

The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. [...] https://www.bleepingcomputer.com/news/security/north-korea-ramps-up-cyberspying-in-ukraine-to-assess-war-risk/ Posted from: this blog via Microsoft Power Automate .

Ivanti fixes EPMM zero-days chained in code execution attacks

Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution. [...] https://www.bleepingcomputer.com/news/security/ivanti-fixes-epmm-zero-days-chained-in-code-execution-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws

Today is Microsoft's May 2025 Patch Tuesday, which includes security updates for 72 flaws, including five actively exploited and two publicly disclosed zero-day vulnerabilities. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2025-patch-tuesday-fixes-5-exploited-zero-days-72-flaws/ Posted from: this blog via Microsoft Power Automate .

Windows 10 KB5058379 update fixes SgrmBroker errors in Event Viewer

Microsoft has released the KB5058379 cumulative update for Windows 10 22H2 and Windows 10 21H2, with four fixes and changes, including one for an SGRMBroker bug. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5058379-update-fixes-sgrmbroker-errors-in-event-viewer/ Posted from: this blog via Microsoft Power Automate .

Fortinet fixes critical zero-day exploited in FortiVoice attacks

Fortinet released security updates to patch a critical remote code execution vulnerability exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. [...] https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-zero-day-exploited-in-fortivoice-attacks/ Posted from: this blog via Microsoft Power Automate .

Ivanti warns of critical Neurons for ITSM auth bypass flaw

​Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability. [...] https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-neurons-for-itsm-auth-bypass-flaw/ Posted from: this blog via Microsoft Power Automate .

New Intel CPU flaws leak sensitive data from privileged memory

A new "Branch Privilege Injection" flaw in all modern Intel CPUs allows attackers to leak sensitive data from memory regions allocated to privileged software like the operating system kernel. [...] https://www.bleepingcomputer.com/news/security/new-intel-cpu-flaws-leak-sensitive-data-from-privileged-memory/ Posted from: this blog via Microsoft Power Automate .

M&S says customer data stolen in cyberattack, forces password resets

Marks and Spencer (M&S) confirms that customer data was stolen in a cyberattack last month, when ransomware was used to encrypt servers. [...] https://www.bleepingcomputer.com/news/security/mands-says-customer-data-stolen-in-cyberattack-forces-password-resets/ Posted from: this blog via Microsoft Power Automate .

ASUS DriverHub flaw let malicious sites run commands with admin rights

The ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed. [...] https://www.bleepingcomputer.com/news/security/asus-driverhub-flaw-let-malicious-sites-run-commands-with-admin-rights/ Posted from: this blog via Microsoft Power Automate .

Windows 11 upgrade block lifted after Safe Exam Browser fix

Microsoft has removed an upgrade block that prevented some Safe Exam Browser users from installing the Windows 11 2024 Update due to incompatibility issues. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-upgrade-block-lifted-after-safe-exam-browser-fix/ Posted from: this blog via Microsoft Power Automate .

Hackers now testing ClickFix attacks against Linux targets

A new campaign employing ClickFix attacks has been spotted targeting both Windows and Linux systems using instructions that make infections on either operating system possible. [...] https://www.bleepingcomputer.com/news/security/hackers-now-testing-clickfix-attacks-against-linux-targets/ Posted from: this blog via Microsoft Power Automate .

Output Messenger flaw exploited as zero-day in espionage attacks

A Türkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq. [...] https://www.bleepingcomputer.com/news/security/output-messenger-flaw-exploited-as-zero-day-in-espionage-attacks/ Posted from: this blog via Microsoft Power Automate .

Moldova arrests suspect linked to DoppelPaymer ransomware attacks

Moldovan authorities have detained a 45-year-old suspect linked to DoppelPaymer ransomware attacks targeting Dutch organizations in 2021. [...] https://www.bleepingcomputer.com/news/security/moldova-arrests-suspect-linked-to-doppelpaymer-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals

99% of enterprise users have browser extensions but over half carry high-risk permissions. LayerX's 2025 report reveals how everyday extensions expose sensitive data, and what security teams must do now. [...] https://www.bleepingcomputer.com/news/security/majority-of-browser-extensions-pose-critical-security-risk-a-new-report-reveals/ Posted from: this blog via Microsoft Power Automate .

Bluetooth 6.1 enhances privacy with randomized RPA timing

The Bluetooth Special Interest Group (SIG) has announced Bluetooth Core Specification 6.1, bringing important improvements to the popular wireless communication protocol. [...] https://www.bleepingcomputer.com/news/security/bluetooth-61-enhances-privacy-with-randomized-rpa-timing/ Posted from: this blog via Microsoft Power Automate .

ChatGPT is finally adding Download as PDF for Deep Research

ChatGPT's Deep Research, which allows you to conduct multi-step research for complex tasks, is finally getting an option to save the report as a PDF. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-is-finally-adding-download-as-pdf-for-deep-research/ Posted from: this blog via Microsoft Power Automate .

Fake AI video generators drop new Noodlophile infostealer malware

Fake AI-powered video generation tools are being used to distribute a new information-stealing malware family called 'Noodlophile,' under the guise of generated media content. [...] https://www.bleepingcomputer.com/news/security/fake-ai-video-generators-drop-new-noodlophile-infostealer-malware/ Posted from: this blog via Microsoft Power Automate .

Ascension says recent data breach affects over 430,000 patients

Ascension, one of the largest private healthcare systems in the United States, has revealed that a data breach disclosed last month affects the personal and healthcare information of over 430,000 patients. [...] https://www.bleepingcomputer.com/news/security/ascension-says-recent-data-breach-affects-over-430-000-patients/ Posted from: this blog via Microsoft Power Automate .

Google Chrome to use on-device AI to detect tech support scams

Google is implementing a new Chrome security feature that uses the built-in 'Gemini Nano' large-language model (LLM) to detect and block tech support scams while browsing the web. [...] https://www.bleepingcomputer.com/news/security/google-chrome-to-use-on-device-ai-to-detect-tech-support-scams/ Posted from: this blog via Microsoft Power Automate .

Chinese hackers behind attacks targeting SAP NetWeaver servers

Forescout Vedere Labs security researchers have linked ongoing attacks targeting a maximum severity vulnerability impacting SAP NetWeaver instances to a Chinese threat actor. [...] https://www.bleepingcomputer.com/news/security/chinese-hackers-behind-attacks-targeting-sap-netweaver-servers/ Posted from: this blog via Microsoft Power Automate .

Germany takes down eXch cryptocurrency exchange, seizes servers

The Federal police in Germany (BKA) seized the server infrastructure and shut down the 'eXch' cryptocurrency exchange platform for alleged money laundering cybercrime proceeds. [...] https://www.bleepingcomputer.com/news/security/germany-takes-down-exch-cryptocurrency-exchange-seizes-servers/ Posted from: this blog via Microsoft Power Automate .

FBI: End-of-life routers hacked for cybercrime proxy networks

The FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxies sold on the 5Socks and Anyproxy networks. [...] https://www.bleepingcomputer.com/news/security/fbi-end-of-life-routers-hacked-for-cybercrime-proxy-networks/ Posted from: this blog via Microsoft Power Automate .

FBI: End-of-life routers hacked for cybercrime proxy networks

The FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxies sold on the 5Socks and Anyproxy networks. [...] https://www.bleepingcomputer.com/news/security/fbi-end-of-life-routers-hacked-for-cybercrime-proxy-networks/ Posted from: this blog via Microsoft Power Automate .

Cisco fixes max severity IOS XE flaw letting attackers hijack devices

Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers by a hard-coded JSON Web Token (JWT) that allows an unauthenticated remote attacker to take over devices. [...] https://www.bleepingcomputer.com/news/security/cisco-fixes-max-severity-ios-xe-flaw-letting-attackers-hijack-devices/ Posted from: this blog via Microsoft Power Automate .

Education giant Pearson hit by cyberattack exposing customer data

Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. [...] https://www.bleepingcomputer.com/news/security/education-giant-pearson-hit-by-cyberattack-exposing-customer-data/ Posted from: this blog via Microsoft Power Automate .

Supply chain attack hits npm package with 45,000 weekly downloads

An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user's system. [...] https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-npm-package-with-45-000-weekly-downloads/ Posted from: this blog via Microsoft Power Automate .

Education giant Pearson hit by cyberattack exposing customer data

Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. [...] https://www.bleepingcomputer.com/news/security/education-giant-pearson-hit-by-cyberattack-exposing-customer-data/ Posted from: this blog via Microsoft Power Automate .

Malicious PyPi package hides RAT malware, targets Discord devs since 2022

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. [...] https://www.bleepingcomputer.com/news/security/malicious-pypi-package-hides-rat-malware-targets-discord-devs-since-2022/ Posted from: this blog via Microsoft Power Automate .

Kickidler employee monitoring software abused in ransomware attacks

Ransomware operations are using legitimate Kickidler employee monitoring software for reconnaissance, tracking their victims' activity, and harvesting credentials after breaching their networks. [...] https://www.bleepingcomputer.com/news/security/kickidler-employee-monitoring-software-abused-in-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

VC giant Insight Partners confirms investor data stolen in breach

Venture capital firm Insight Partners has confirmed that sensitive data for employees and limited partners was stolen in a January 2025 cyberattack. [...] https://www.bleepingcomputer.com/news/security/vc-giant-insight-partners-confirms-investor-data-stolen-in-breach/ Posted from: this blog via Microsoft Power Automate .

Google links new LostKeys data theft malware to Russian cyberspies

Since the start of the year, the Russian state-backed ColdRiver hacking group has been using new LostKeys malware to steal files in espionage attacks targeting Western governments, journalists, think tanks, and non-governmental organizations. [...] https://www.bleepingcomputer.com/news/security/google-links-new-lostkeys-data-theft-malware-to-russian-cyberspies/ Posted from: this blog via Microsoft Power Automate .

SonicWall urges admins to patch VPN flaw exploited in attacks

SonicWall has urged its customers to patch three security vulnerabilities affecting its Secure Mobile Access (SMA) appliances, one of them tagged as exploited in attacks [...] https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-patch-vpn-flaw-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

CoGUI phishing platform sent 580 million emails to steal credentials

A new phishing kit named 'CoGUI' sent over 580 million emails to targets between January and April 2025, aiming to steal account credentials and payment data. [...] https://www.bleepingcomputer.com/news/security/cogui-phishing-platform-sent-580-million-emails-to-steal-credentials/ Posted from: this blog via Microsoft Power Automate .

Play ransomware exploited Windows logging flaw in zero-day attacks

The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. [...] https://www.bleepingcomputer.com/news/security/play-ransomware-exploited-windows-logging-flaw-in-zero-day-attacks/ Posted from: this blog via Microsoft Power Automate .

NSO Group fined $167M for spyware attacks on 1,400 WhatsApp users

A U.S. federal jury has ordered Israeli spyware vendor NSO Group to pay WhatsApp $167,254,000 in punitive damages and $444,719 in compensatory damages for a 2019 campaign that targeted 1,400 users of the communication app. [...] https://www.bleepingcomputer.com/news/legal/nso-group-fined-167m-for-spyware-attacks-on-1-400-whatsapp-users/ Posted from: this blog via Microsoft Power Automate .

Medical device maker Masimo warns of cyberattack, manufacturing delays

Medical device company Masimo Corporation warns that a cyberattack is impacting production operations and causing delays in fulfilling customers' orders. [...] https://www.bleepingcomputer.com/news/security/medical-device-maker-masimo-warns-of-cyberattack-manufacturing-delays/ Posted from: this blog via Microsoft Power Automate .

CISA warns of hackers targeting critical oil infrastructure

CISA warned critical infrastructure organizations of "unsophisticated" threat actors actively targeting the U.S. oil and natural gas sectors. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-of-hackers-targeting-critical-oil-infrastructure/ Posted from: this blog via Microsoft Power Automate .

Police takes down six DDoS-for-hire services, arrests admins

​Polish authorities have detained four suspects linked to six DDoS-for-hire platforms, believed to have facilitated thousands of attacks targeting schools, government services, businesses, and gaming platforms worldwide since 2022. [...] https://www.bleepingcomputer.com/news/security/police-takes-down-six-ddos-for-hire-services-arrests-admins/ Posted from: this blog via Microsoft Power Automate .

Critical Langflow RCE flaw exploited to hack AI app servers

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible. [...] https://www.bleepingcomputer.com/news/security/critical-langflow-rce-flaw-exploited-to-hack-ai-app-servers/ Posted from: this blog via Microsoft Power Automate .

New Microsoft 365 outage impacts Teams and other services

Microsoft is investigating a new Microsoft 365 outage affecting multiple services across North America, including the company's Teams collaboration platform. [...] https://www.bleepingcomputer.com/news/microsoft/new-microsoft-365-outage-impacts-teams-and-other-services/ Posted from: this blog via Microsoft Power Automate .

Why EASM is vital to modern digital risk protection

You can't protect what you can't see. From shadow IT to supplier risk, modern attack surfaces are sprawling fast — and External Attack Surface Management (EASM) is how security teams take back control. Learn from Outpost24 how EASM powers proactive digital risk protection. [...] https://www.bleepingcomputer.com/news/security/why-easm-is-vital-to-modern-digital-risk-protection/ Posted from: this blog via Microsoft Power Automate .

Google fixes actively exploited FreeType flaw on Android

Google has released the May 2025 security updates for Android with fixes for 45 security flaws, including an actively exploited zero-click FreeType 2 code execution vulnerability. [...] https://www.bleepingcomputer.com/news/security/google-fixes-actively-exploited-freetype-flaw-on-android/ Posted from: this blog via Microsoft Power Automate .

Microsoft unveils new AI agents that can modify Windows settings

Today, Microsoft announced new Windows experiences for Copilot+ PCs, including AI agents that will make changing settings on your Windows computer easier. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-unveils-new-ai-agents-that-can-modify-windows-settings/ Posted from: this blog via Microsoft Power Automate .

Luna Moth extortion hackers pose as IT help desks to breach US firms

The data-theft extortion group known as Luna Moth, aka Silent Ransom Group, has ramped up callback phishing campaigns in attacks on legal and financial institutions in the United States. [...] https://www.bleepingcomputer.com/news/security/luna-moth-extortion-hackers-pose-as-it-help-desks-to-breach-us-firms/ Posted from: this blog via Microsoft Power Automate .

New "Bring Your Own Installer" EDR bypass used in ransomware attack

A new "Bring Your Own Installer" EDR bypass technique is exploited in attacks to bypass SentinelOne's tamper protection feature, allowing threat actors to disable endpoint detection and response (EDR) agents to install the Babuk ransomware. [...] https://www.bleepingcomputer.com/news/security/new-bring-your-own-installer-edr-bypass-used-in-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Unofficial Signal app used by Trump officials investigates hack

TeleMessage, an Israeli company that sells an unofficial Signal message archiving tool used by some U.S. government officials, has suspended all services after reportedly being hacked. [...] https://www.bleepingcomputer.com/news/security/unofficial-signal-app-used-by-trump-officials-investigates-hack/ Posted from: this blog via Microsoft Power Automate .

Darcula PhaaS steals 884,000 credit cards via SMS phishing texts

The Darcula phishing-as-a-service (PhaaS) platform stole 884,000 credit cards from 13 million clicks on malicious links sent via text messages to targets worldwide. [...] https://www.bleepingcomputer.com/news/security/darcula-phaas-steals-884-000-credit-cards-via-sms-phishing-texts/ Posted from: this blog via Microsoft Power Automate .

Microsoft is killing Skype today, pushes users to Teams

The Skype video call and messaging service is shutting down today, 14 years after replacing Microsoft's Windows Live Messenger. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-is-killing-skype-today-pushes-users-to-teams/ Posted from: this blog via Microsoft Power Automate .

UK shares security tips after major retail cyberattacks

Following three high-profile cyberattacks impacting major UK retailers, the country's National Cyber Security Centre (NCSC) has published guidance that all companies are advised to follow to strengthen their cybersecurity defenses. [...] https://www.bleepingcomputer.com/news/security/uk-shares-security-tips-after-major-retail-cyberattacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft silently fixes Start menu bug affecting Windows 10 PCs

Microsoft has silently fixed an issue that broke Start Menu jump lists for all apps on systems running Windows 10, version 22H2. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-silently-fixes-start-menu-bug-affecting-windows-10-pcs/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Windows 11 24H2 now ready to rollout to everyone

​Microsoft announced over the weekend that the Windows 11 24H2 update is ready to roll out to all compatible PCs, excluding those with safeguard holds. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-24h2-now-ready-to-rollout-to-everyone/ Posted from: this blog via Microsoft Power Automate .

OpenAI document explains when to use each ChatGPT model

OpenAI admitted that it can be confusing for users to choose between all the different models, but the company has quietly published a document that makes it easier to understand ChatGPT. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-document-explains-when-to-use-each-chatgpt-model/ Posted from: this blog via Microsoft Power Automate .

OpenAI document explains when to use each ChatGPT model

OpenAI admitted that it can be confusing for users to choose between all the different models, but the company has quietly published a document that makes it easier to understand ChatGPT. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-document-explains-when-to-use-each-chatgpt-model/ Posted from: this blog via Microsoft Power Automate .

StealC malware enhanced with stealth upgrades and data theft tools

The creators of StealC, a widely-used information stealer and malware downloader, have released its second major version, bringing multiple stealth and data theft enhancements. [...] https://www.bleepingcomputer.com/news/security/stealc-malware-enhanced-with-stealth-upgrades-and-data-theft-tools/ Posted from: this blog via Microsoft Power Automate .

Google NotebookLM is now using Gemini 2.5 Flash

Google NotebookLM, which is a research and note-taking AI tool, is getting upgraded to Gemini 2.5 Flash. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/google-notebooklm-is-now-using-gemini-25-flash/ Posted from: this blog via Microsoft Power Automate .

Microsoft ends Authenticator password autofill, moves users to Edge

Microsoft has announced that it will discontinue the password storage and autofill feature in the Authenticator app starting in July and will complete the deprecation in August 2025. [...] https://www.bleepingcomputer.com/news/security/microsoft-ends-authenticator-password-autofill-moves-users-to-edge/ Posted from: this blog via Microsoft Power Automate .

Google NotebookLM is now using Gemini 2.5 Flash

Google NotebookLM, which is a research and note-taking AI tool, is getting upgraded to Gemini 2.5 Flash. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/google-notebooklm-is-now-using-gemini-25-flash/ Posted from: this blog via Microsoft Power Automate .

Microsoft ends Authenticator password autofill, moves users to Edge

Microsoft has announced that it will discontinue the password storage and autofill feature in the Authenticator app starting in July and will complete the deprecation in August 2025. [...] https://www.bleepingcomputer.com/news/security/microsoft-ends-authenticator-password-autofill-moves-users-to-edge/ Posted from: this blog via Microsoft Power Automate .

Co-op confirms data theft after DragonForce ransomware claims attack

The Co-op cyberattack is far worse than initially reported, with the company now confirming that data was stolen for a significant number of current and past customers. [...] https://www.bleepingcomputer.com/news/security/co-op-confirms-data-theft-after-dragonforce-ransomware-claims-attack/ Posted from: this blog via Microsoft Power Automate .

Magento supply chain attack compromises hundreds of e-stores

A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational. [...] https://www.bleepingcomputer.com/news/security/magento-supply-chain-attack-compromises-hundreds-of-e-stores/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes Exchange Online bug flagging Gmail emails as spam

​Microsoft has resolved an issue with a machine learning model that mistakenly flagged emails from Gmail accounts as spam in Exchange Online. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-exchange-online-bug-flagging-gmail-emails-as-spam/ Posted from: this blog via Microsoft Power Automate .

Microsoft makes all new accounts passwordless by default

Microsoft has announced that all new Microsoft accounts will be "passwordless by default" to secure them against password attacks such as phishing, brute force, and credential stuffing. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-makes-all-new-accounts-passwordless-by-default/ Posted from: this blog via Microsoft Power Automate .

Hacker 'NullBulge' pleads guilty to stealing Disney's Slack data

A California man who used the alias "NullBulge" has pleaded guilty to illegally accessing Disney's internal Slack channels and stealing over 1.1 terabytes of internal company data. [...] https://www.bleepingcomputer.com/news/security/hacker-nullbulge-pleads-guilty-to-stealing-disneys-slack-data/ Posted from: this blog via Microsoft Power Automate .

Pro-Russia hacktivists bombard Dutch public orgs with DDoS attacks

Russia-aligned hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions. [...] https://www.bleepingcomputer.com/news/security/pro-russia-hacktivists-bombard-dutch-public-orgs-with-ddos-attacks/ Posted from: this blog via Microsoft Power Automate .

Pro-Russia hacktivists bombard Dutch public orgs with DDoS attacks

Russia-aligned hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions. [...] https://www.bleepingcomputer.com/news/security/pro-russia-hacktivists-bombard-dutch-public-orgs-with-ddos-attacks/ Posted from: this blog via Microsoft Power Automate .

Ukrainian extradited to US for Nefilim ransomware attacks

A Ukrainian national has been extradited from Spain to the United States to face charges over allegedly conducting Nefilim ransomware attacks against companies. [...] https://www.bleepingcomputer.com/news/security/ukrainian-extradited-to-us-for-nefilim-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

Harrods the next UK retailer targeted in a cyberattack

London's iconic department store, Harrods, has confirmed it was targeted in a cyberattack, becoming the third major UK retailer to report cyberattacks in a week following incidents at M&S and the Co-op. [...] https://www.bleepingcomputer.com/news/security/harrods-the-next-uk-retailer-targeted-in-a-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Malicious PyPI packages abuse Gmail, websockets to hijack systems

Seven malicious PyPi packages were found using Gmail's SMTP servers and WebSockets for data exfiltration and remote command execution. [...] https://www.bleepingcomputer.com/news/security/malicious-pypi-packages-abuse-gmail-websockets-to-hijack-systems/ Posted from: this blog via Microsoft Power Automate .