Posts

Showing posts from June, 2025

U.S. warns of Iranian cyber threats on critical infrastructure

U.S. cyber agencies, the FBI, and NSA issued an urgent warning today about potential cyberattacks from Iranian-affiliated hackers targeting U.S. critical infrastructure. [...] https://www.bleepingcomputer.com/news/security/us-warns-of-iranian-cyber-threats-on-critical-infrastructure/ Posted from: this blog via Microsoft Power Automate .

Germany asks Google, Apple remove DeepSeek AI from app stores

The Berlin Commissioner for Data Protection has formally requested Google and Apple to remove the DeepSeek AI application from the application stores due to GDPR violations. [...] https://www.bleepingcomputer.com/news/security/germany-asks-google-apple-remove-deepseek-ai-from-app-stores/ Posted from: this blog via Microsoft Power Automate .

Switzerland says government data stolen in ransomware attack

The government in Switzerland is informing that sensitive information from various federal offices has been impacted by a ransomware attack at the third-party organization Radix. [...] https://www.bleepingcomputer.com/news/security/switzerland-says-government-data-stolen-in-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Microsoft warns of Windows update delays due to wrong timestamp

Microsoft has confirmed a new known issue causing delivery delays for June 2025 Windows security updates due to an incorrect metadata timestamp. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-Windows-security-update-delays-due-to-incorrect-metadata-timestamp/ Posted from: this blog via Microsoft Power Automate .

Europol helps disrupt $540 million crypto investment fraud ring

Spanish authorities have arrested five individuals in Madrid and the Canary Islands, suspected of laundering $540 million (€460 million) from illegal cryptocurrency investment schemes and defrauding more than 5,000 victims. [...] https://www.bleepingcomputer.com/news/security/europol-helps-disrupt-540-million-crypto-investment-fraud-ring/ Posted from: this blog via Microsoft Power Automate .

FBI: Cybercriminals steal health data posing as fraud investigators

The Federal Bureau of Investigation (FBI) has warned Americans of cybercriminals impersonating health fraud investigators to steal their sensitive information. [...] https://www.bleepingcomputer.com/news/security/fbi-warns-cybercriminals-steal-health-data-posing-as-fraud-investigators/ Posted from: this blog via Microsoft Power Automate .

Over 1,200 Citrix servers unpatched against critical auth bypass flaw

Over 1,200 Citrix NetScaler ADC and NetScaler Gateway appliances exposed online are unpatched against a critical vulnerability believed to be actively exploited, allowing threat actors to bypass authentication by hijacking user sessions. [...] https://www.bleepingcomputer.com/news/security/over-1-200-citrix-servers-unpatched-against-critical-auth-bypass-flaw/ Posted from: this blog via Microsoft Power Automate .

Google rolls out Veo 3 video generator, try it for free using credits

Google is rolling out Veo 3 to everyone using Vertex AI, which is an ML-testing platform provided by Google Cloud. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/google-rolls-out-veo-3-video-generator-try-it-for-free-using-credits/ Posted from: this blog via Microsoft Power Automate .

Bluetooth flaws could let hackers spy through your microphone

Vulnerabilities affecting a Bluetooth chipset present in more than two dozen audio devices from ten vendors can be exploited for eavesdropping or stealing sensitive information. [...] https://www.bleepingcomputer.com/news/security/bluetooth-flaws-could-let-hackers-spy-through-your-microphone/ Posted from: this blog via Microsoft Power Automate .

Russia’s throttling of Cloudflare makes sites inaccessible

Starting June 9, 2025, Russian internet service providers (ISPs) have begun throttling access to websites and services protected by Cloudflare, an American internet giant. [...] https://www.bleepingcomputer.com/news/technology/russias-throttling-of-cloudflare-makes-sites-inaccessible/ Posted from: this blog via Microsoft Power Automate .

Citrix Bleed 2 flaw now believed to be exploited in attacks

A critical NetScaler ADC and Gateway vulnerability dubbed "Citrix Bleed 2" (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspicious sessions on Citrix devices. [...] https://www.bleepingcomputer.com/news/security/citrix-bleed-2-flaw-now-believed-to-be-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Retail giant Ahold Delhaize says data breach affects 2.2 million people

Ahold Delhaize, one of the world's largest food retail chains, is notifying over 2.2 million individuals that their personal, financial, and health information was stolen in a November ransomware attack that impacted its U.S. systems. [...] https://www.bleepingcomputer.com/news/security/retail-giant-ahold-delhaize-says-data-breach-affects-22-million-people/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5060829 update released with 38 new changes, fixes

​​Microsoft has released the KB5060829 preview cumulative update for Windows 11 24H2, which includes 38 changes, including improvements to the taskbar and a new PC-to-PC migration experience. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5060829-update-released-with-38-new-changes-fixes/ Posted from: this blog via Microsoft Power Automate .

Whole Foods supplier UNFI restores core systems after cyberattack

American grocery wholesale giant United Natural Foods (UNFI) reports that it has restored its core systems and brought online the electronic ordering and invoicing systems affected by a cyberattack. [...] https://www.bleepingcomputer.com/news/security/whole-foods-supplier-unfi-restores-core-systems-after-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Hawaiian Airlines discloses cyberattack, flights not affected

Hawaiian Airlines, the tenth-largest commercial airline in the United States, is investigating a cyberattack that has disrupted access to some of its systems. [...] https://www.bleepingcomputer.com/news/security/hawaiian-airlines-discloses-cyberattack-flights-not-affected/ Posted from: this blog via Microsoft Power Automate .

FTC approves $126 million in Fortnite refunds over ‘dark patterns’

The Federal Trade Commission (FTC) has approved $126,000,000 in refunds to be sent to 969,173 Fortnite players as part of a settlement over allegations that Epic Games tricked users into making unwanted purchases. [...] https://www.bleepingcomputer.com/news/legal/ftc-approves-126-million-in-fortnite-refunds-over-dark-patterns/ Posted from: this blog via Microsoft Power Automate .

FTC approves $126 million in Fortnite refunds over ‘dark patterns’

The Federal Trade Commission (FTC) has approved $126,000,000 in refunds to be sent to 969,173 Fortnite players as part of a settlement over allegations that Epic Games tricked users into making unwanted purchases. [...] https://www.bleepingcomputer.com/news/legal/ftc-approves-126-million-in-fortnite-refunds-over-dark-patterns/ Posted from: this blog via Microsoft Power Automate .

Microsoft 365 'Direct Send' abused to send phishing as internal users

An ongoing phishing campaign abuses a little‑known feature in Microsoft 365 called "Direct Send" to evade detection by email security and steal credentials. [...] https://www.bleepingcomputer.com/news/security/microsoft-365-direct-send-abused-to-send-phishing-as-internal-users/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes Outlook bug causing crashes when opening emails

Microsoft has fixed a known issue that will cause the classic Outlook email client to crash when opening emails or starting a new message. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-bug-causing-crashes-when-opening-emails/ Posted from: this blog via Microsoft Power Automate .

Microsoft confirms Family Safety blocks Google Chrome from launching

Microsoft has confirmed that its Family Safety parental control service is blocking users from launching Google Chrome and other web browsers on Windows systems. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-family-safety-blocks-google-chrome-from-launching/ Posted from: this blog via Microsoft Power Automate .

CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks

CISA says a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller (BMC) software, which enables attackers to hijack and brick servers, is currently under active exploitation. [...] https://www.bleepingcomputer.com/news/security/cisa-ami-megarac-bug-that-lets-hackers-brick-servers-now-actively-exploited/ Posted from: this blog via Microsoft Power Automate .

British hacker 'IntelBroker' charged with $25M in cybercrime damages

A British national known online as "IntelBroker" has been charged by the U.S. for stealing and selling sensitive data from dozens of victims, causing an estimated $25 million in damages. [...] https://www.bleepingcomputer.com/news/security/british-hacker-intelbroker-charged-with-25m-in-cybercrime-damages/ Posted from: this blog via Microsoft Power Automate .

Hackers turn ScreenConnect into malware using Authenticode stuffing

Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client's  Authenticode signature. [...] https://www.bleepingcomputer.com/news/security/hackers-turn-screenconnect-into-malware-using-authenticode-stuffing/ Posted from: this blog via Microsoft Power Automate .

Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks

A sophisticated malicious campaign that researchers call OneClik has been leveraging Microsoft's ClickOnce software deployment tool and custom Golang backdoors to compromise organizations within the energy, oil, and gas sectors. [...] https://www.bleepingcomputer.com/news/security/oneclik-attacks-use-microsoft-clickonce-and-aws-to-target-energy-sector/ Posted from: this blog via Microsoft Power Automate .

WinRAR patches bug letting malware launch from extracted archives

WinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive. [...] https://www.bleepingcomputer.com/news/security/winrar-patches-bug-letting-malware-launch-from-extracted-archives/ Posted from: this blog via Microsoft Power Automate .

New 'CitrixBleed 2' NetScaler flaw let hackers hijack sessions

A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed "CitrixBleed 2," after its similarity to an older exploited flaw that allowed unauthenticated attackers to hijack authentication session cookies from vulnerable devices. [...] https://www.bleepingcomputer.com/news/security/new-citrixbleed-2-netscaler-flaw-let-hackers-hijack-sessions/ Posted from: this blog via Microsoft Power Automate .

BreachForums hacking forum operators reportedly arrested in France

The French police have reportedly arrested five operators of the BreachForum cybercrime forum, a website used by cybercriminals to leak and sell stolen data that exposed the sensitive information of millions. [...] https://www.bleepingcomputer.com/news/security/breachforums-hacking-forum-operators-reportedly-arrested-in-france/ Posted from: this blog via Microsoft Power Automate .

Google rolls out text-to-image model Imagen 4 for free

Google confirmed that Imagen 4, which is the company's state-of-the-art text-to-image, is rolling out for free, but only on AI Studio. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/google-rolls-out-text-to-image-model-imagen-4-for-free/ Posted from: this blog via Microsoft Power Automate .

Google rolls out text-to-image model Imagen 4 for free

Google confirmed that Imagen 4, which is the company's state-of-the-art text-to-image, is rolling out for free, but only on AI Studio. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/google-rolls-out-text-to-image-model-imagen-4-for-free/ Posted from: this blog via Microsoft Power Automate .

Claude catches up to ChatGPT with built-in memory support

AI startup Anthorpic is planning to add a memory feature to Claude in a bid to take on ChatGPT, which has an advanced memory feature. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/claude-catches-up-to-chatgpt-with-built-in-memory-support/ Posted from: this blog via Microsoft Power Automate .

Google Cloud donates A2A AI protocol to the Linux Foundation

Google Cloud has donated its Agent2Agent (A2A) protocol to the Linux Foundation, which has now announced a new community-driven project called the Agent2Agent Project. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/google-cloud-donates-a2a-ai-protocol-to-the-linux-foundation/ Posted from: this blog via Microsoft Power Automate .

Claude catches up to ChatGPT with built-in memory support

AI startup Anthorpic is planning to add a memory feature to Claude in a bid to take on ChatGPT, which has an advanced memory feature. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/claude-catches-up-to-chatgpt-with-built-in-memory-support/ Posted from: this blog via Microsoft Power Automate .

Google Cloud donates A2A AI protocol to the Linux Foundation

Google Cloud has donated its Agent2Agent (A2A) protocol to the Linux Foundation, which has now announced a new community-driven project called the Agent2Agent Project. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/google-cloud-donates-a2a-ai-protocol-to-the-linux-foundation/ Posted from: this blog via Microsoft Power Automate .

SonicWall warns of trojanized NetExtender stealing VPN logins

SonicWall is warning customers that threat actors are distributing a trojanized version of its NetExtender SSL VPN client used to steal VPN credentials. [...] https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-trojanized-netextender-stealing-vpn-logins/ Posted from: this blog via Microsoft Power Automate .

Windows 10 users can get extended security updates using Microsoft points

Microsoft says Windows 10 home users who want to delay switching to Windows 11 can enroll in the Extended Security Updates (ESU) program at no additional cost using Microsoft Rewards points or enabling Windows Backup to sync their data to the cloud. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-extended-security-updates-available-using-reward-points/ Posted from: this blog via Microsoft Power Automate .

Trezor’s support platform abused in crypto theft phishing attacks

Trezor is alerting users about a phishing campaign that abuses its automated support system to send deceptive emails from its official platform. [...] https://www.bleepingcomputer.com/news/security/trezors-support-platform-abused-in-crypto-theft-phishing-attacks/ Posted from: this blog via Microsoft Power Automate .

How Today’s Pentest Models Compare and Why Continuous Wins

Legacy pentests give you a snapshot. Attackers see a live stream. Sprocket's Continuous Penetration Testing (CPT) mimics real-world attackers—daily, not annually—so you can fix what matters, faster. Learn why CPT is the future. [...] https://www.bleepingcomputer.com/news/security/how-todays-pentest-models-compare-and-why-continuous-wins/ Posted from: this blog via Microsoft Power Automate .

US House bans WhatsApp on staff devices over security concerns

The U.S. House of Representatives has banned the installation and use of WhatsApp on government-issued devices belonging to congressional staff, citing concerns over how the app encrypts and secures data. [...] https://www.bleepingcomputer.com/news/security/us-house-bans-whatsapp-on-staff-devices-over-security-concerns/ Posted from: this blog via Microsoft Power Automate .

APT28 hackers use Signal chats to launch new malware attacks on Ukraine

The Russian state-sponsored threat group APT28 is using Signal chats to target government targets in Ukraine with two previously undocumented malware families named BeardShell and SlimAgent. [...] https://www.bleepingcomputer.com/news/security/apt28-hackers-use-signal-chats-to-launch-new-malware-attacks-on-ukraine/ Posted from: this blog via Microsoft Power Automate .

Steel giant Nucor confirms hackers stole data in recent breach

Nucor, North America's largest steel producer and recycler, has confirmed that attackers behind a recent cybersecurity incident have also stolen data from the company's network. [...] https://www.bleepingcomputer.com/news/security/steel-giant-nucor-confirms-hackers-stole-data-in-recent-breach/ Posted from: this blog via Microsoft Power Automate .

Oxford City Council suffers breach exposing two decades of data

Oxford City Council warns it suffered a data breach where attackers accessed personally identifiable information from legacy systems. [...] https://www.bleepingcomputer.com/news/security/oxford-city-council-suffers-breach-exposing-two-decades-of-data/ Posted from: this blog via Microsoft Power Automate .

Oxford City Council suffers breach exposing two decades of data

Oxford City Council warns it suffered a data breach where attackers accessed personally identifiable information from legacy systems. [...] https://www.bleepingcomputer.com/news/security/oxford-city-council-suffers-breach-exposing-two-decades-of-data/ Posted from: this blog via Microsoft Power Automate .

Microsoft investigates OneDrive bug that breaks file search

​Microsoft is investigating a known OneDrive issue that is causing searches to appear blank for some users or return no results even when searching for files they know they've already uploaded. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-onedrive-bug-that-breaks-file-search/ Posted from: this blog via Microsoft Power Automate .

Cloudflare blocks record 7.3 Tbps DDoS attack against hosting provider

Cloudflare says it mitigated a record-breaking distributed denial of service (DDoS) attack in May 2025 that peaked at 7.3 Tbps, targeting a hosting provider. [...] https://www.bleepingcomputer.com/news/security/cloudflare-blocks-record-73-tbps-ddos-attack-against-hosting-provider/ Posted from: this blog via Microsoft Power Automate .

Aflac discloses breach amidst Scattered Spider insurance attacks

On Friday, American insurance giant Aflac disclosed that its systems were breached in a broader campaign targeting insurance companies across the United States by attackers who may have stolen personal and health information. [...] https://www.bleepingcomputer.com/news/security/aflac-discloses-breach-amidst-scattered-spider-insurance-attacks/ Posted from: this blog via Microsoft Power Automate .

Can users reset their own passwords without sacrificing security?

Self-service password resets (SSPR) reduce helpdesk strain—but without strong security, they can open the door to attackers. Learn why phishing-resistant MFA, context-aware verification, and risk-based detection are critical to secure SSPR implementation. [...] https://www.bleepingcomputer.com/news/security/can-users-reset-their-own-passwords-without-sacrificing-security/ Posted from: this blog via Microsoft Power Automate .

Microsoft to remove legacy drivers from Windows Update for security boost

Microsoft has announced plans to periodically remove legacy drivers from the Windows Update catalog to mitigate security and compatibility risks. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-to-remove-legacy-drivers-from-windows-update-for-security-boost/ Posted from: this blog via Microsoft Power Automate .

No, the 16 billion credentials leak is not a new data breach

News broke today of a "mother of all breaches," sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks. [...] https://www.bleepingcomputer.com/news/security/no-the-16-billion-credentials-leak-is-not-a-new-data-breach/ Posted from: this blog via Microsoft Power Automate .

Godfather Android malware now uses virtualization to hijack banking apps

A new version of the Android malware "Godfather" creates isolated virtual environments on mobile devices to steal account data and transactions from legitimate banking apps. [...] https://www.bleepingcomputer.com/news/security/godfather-android-malware-now-uses-virtualization-to-hijack-banking-apps/ Posted from: this blog via Microsoft Power Automate .

Godfather Android malware now uses virtualization to hijack banking apps

A new version of the Android malware "Godfather" creates isolated virtual environments on mobile devices to steal account data and transactions from legitimate banking apps. [...] https://www.bleepingcomputer.com/news/security/godfather-android-malware-now-uses-virtualization-to-hijack-banking-apps/ Posted from: this blog via Microsoft Power Automate .

DuckDuckGo beefs up scam defense to block fake stores, crypto sites

The DuckDuckGo web browser has expanded its built-in Scam Blocker tool to protect against a broader range of online scams, including fake e-commerce, cryptocurrency exchanges, and "scareware" sites. [...] https://www.bleepingcomputer.com/news/security/duckduckgo-beefs-up-scam-defense-to-block-fake-stores-crypto-sites/ Posted from: this blog via Microsoft Power Automate .

Telecom giant Viasat breached by China's Salt Typhoon hackers

Satellite communications company Viasat is the latest victim of China's Salt Typhoon cyber-espionage group, which has previously hacked into the networks of multiple other telecom providers in the United States and worldwide. [...] https://www.bleepingcomputer.com/news/security/telecom-giant-viasat-breached-by-chinas-salt-typhoon-hackers/ Posted from: this blog via Microsoft Power Automate .

Krispy Kreme says November data breach impacts over 160,000 people

U.S. doughnut chain Krispy Kreme confirmed that attackers stole the personal information of over 160,000 individuals in a November 2024 cyberattack. [...] https://www.bleepingcomputer.com/news/security/krispy-kreme-says-november-data-breach-impacts-over-160-000-people/ Posted from: this blog via Microsoft Power Automate .

Ryuk ransomware’s initial access expert extradited to the U.S.

A member of the notorious Ryuk ransomware operation who specialized in gaining initial access to corporate networks has been extradited to the United States. [...] https://www.bleepingcomputer.com/news/security/ryuk-ransomwares-initial-access-expert-extradited-to-the-us/ Posted from: this blog via Microsoft Power Automate .

Pro-Israel hackers hit Iran's Nobitex exchange, burn $90M in crypto

The pro-Israel "Predatory Sparrow" hacking group claims to have stolen over $90 million in cryptocurrency from Nobitex, Iran's largest crypto exchange, and burned the funds in a politically motivated cyberattack. [...] https://www.bleepingcomputer.com/news/security/pro-israel-hackers-hit-irans-nobitex-exchange-burn-90m-in-crypto/ Posted from: this blog via Microsoft Power Automate .

Pro-Israel hackers hit Iran's Nobitex exchange, burn $90M in crypto

The pro-Israel "Predatory Sparrow" hacking group claims to have stolen over $90 million in cryptocurrency from Nobitex, Iran's largest crypto exchange, and burned the funds in a politically motivated cyberattack. [...] https://www.bleepingcomputer.com/news/security/pro-israel-hackers-hit-irans-nobitex-exchange-burn-90m-in-crypto/ Posted from: this blog via Microsoft Power Automate .

North Korean hackers deepfake execs in Zoom call to spread Mac malware

North Korean advanced persistent threat (APT) 'BlueNoroff' (aka 'Sapphire Sleet' or 'TA444') are using deepfake company executives during fake Zoom calls to trick employees into installing custom malware on their computers. [...] https://www.bleepingcomputer.com/news/security/north-korean-hackers-deepfake-execs-in-zoom-call-to-spread-mac-malware/ Posted from: this blog via Microsoft Power Automate .

North Korean hackers deepfake execs in Zoom call to spread Mac malware

North Korean advanced persistent threat (APT) 'BlueNoroff' (aka 'Sapphire Sleet' or 'TA444') are using deepfake company executives during fake Zoom calls to trick employees into installing custom malware on their computers. [...] https://www.bleepingcomputer.com/news/security/north-korean-hackers-deepfake-execs-in-zoom-call-to-spread-mac-malware/ Posted from: this blog via Microsoft Power Automate .

North Korean hackers deepfake execs in Zoom call to spread Mac malware

North Korean advanced persistent threat (APT) 'BlueNoroff' (aka 'Sapphire Sleet' or 'TA444') are using deepfake company executives during fake Zoom calls to trick employees into installing custom malware on their computers. [...] https://www.bleepingcomputer.com/news/security/north-korean-hackers-deepfake-execs-in-zoom-call-to-spread-mac-malware/ Posted from: this blog via Microsoft Power Automate .

ChainLink Phishing: How Trusted Domains Become Threat Vectors

Phishing has evolved—and trust is the new attack vector. ChainLink Phishing uses real platforms like Google Drive & Dropbox to sneak past filters and steal credentials in the browser. Watch Keep Aware's on-demand webinar to see how these attacks work—and how to stop them. [...] https://www.bleepingcomputer.com/news/security/chainlink-phishing-how-trusted-domains-become-threat-vectors/ Posted from: this blog via Microsoft Power Automate .

CISA warns of attackers exploiting Linux flaw with PoC exploit

CISA has warned U.S. federal agencies about attackers targeting a high-severity vulnerability in the Linux kernel's OverlayFS subsystem that allows them to gain root privileges. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-of-attackers-exploiting-linux-flaw-with-poc-exploit/ Posted from: this blog via Microsoft Power Automate .

BeyondTrust warns of pre-auth RCE in Remote Support software

BeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code execution on vulnerable servers. [...] https://www.bleepingcomputer.com/news/security/beyondtrust-warns-of-pre-auth-rce-in-remote-support-software/ Posted from: this blog via Microsoft Power Automate .

New Linux udisks flaw lets attackers get root on major Linux distros

Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions. [...] https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/ Posted from: this blog via Microsoft Power Automate .

Asana warns MCP AI feature exposed customer data to other orgs

Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users and vice versa. [...] https://www.bleepingcomputer.com/news/security/asana-warns-mcp-ai-feature-exposed-customer-data-to-other-orgs/ Posted from: this blog via Microsoft Power Automate .

Paddle settles for $5 million over facilitating tech support scams

Paddle.com and its U.S. subsidiary will pay $5 million to settle Federal Trade Commission (FTC) allegations that the company facilitated deceptive tech-support schemes that harmed many U.S. consumers, including older adults. [...] https://www.bleepingcomputer.com/news/security/paddle-settles-for-5-million-over-facilitating-tech-support-scams/ Posted from: this blog via Microsoft Power Automate .

Paddle settles for $5 million over facilitating tech support scams

Paddle.com and its U.S. subsidiary will pay $5 million to settle Federal Trade Commission (FTC) allegations that the company facilitated deceptive tech-support schemes that harmed many U.S. consumers, including older adults. [...] https://www.bleepingcomputer.com/news/security/paddle-settles-for-5-million-over-facilitating-tech-support-scams/ Posted from: this blog via Microsoft Power Automate .

Sitecore CMS exploit chain starts with hardcoded 'b' password

A chain of Sitecore Experience Platform (XP) vulnerabilities allows attackers to perform remote code execution (RCE) without authentication to breach and hijack servers. [...] https://www.bleepingcomputer.com/news/security/sitecore-cms-exploit-chain-starts-with-hardcoded-b-password/ Posted from: this blog via Microsoft Power Automate .

UK fines 23andMe for ‘profoundly damaging’ breach exposing genetics data

The UK Information Commissioner's Office (ICO) has fined genetic testing provider 23andMe £2.31 million ($3.12 million) over 'serious security failings' that led to a 'profoundly damaging' data breach in 2023. [...] https://www.bleepingcomputer.com/news/security/uk-fines-23andme-for-profoundly-damaging-breach-exposing-genetics-data/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes Surface Hub boot issues with emergency update

Microsoft has released an emergency update to fix a known issue causing startup failures for some Surface Hub v1 devices running Windows 10. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-surface-hub-boot-issues-with-emergency-update/ Posted from: this blog via Microsoft Power Automate .

Hacker steals 1 million Cock.li user records in webmail data breach

Email hosting provider Cock.li has confirmed it suffered a data breach after threat actors exploited flaws in its now-retired Roundcube webmail platform to steal over a million user records. [...] https://www.bleepingcomputer.com/news/security/hacker-steals-1-million-cockli-user-records-in-webmail-data-breach/ Posted from: this blog via Microsoft Power Automate .

Hackers switch to targeting U.S. insurance companies

Threat intelligence researchers are warning of hackers breaching multiple U.S. companies in the insurance industry using all the tactics observed with Scattered Spider activity. [...] https://www.bleepingcomputer.com/news/security/google-warns-scattered-spider-hackers-now-target-us-insurance-companies/ Posted from: this blog via Microsoft Power Automate .

Kali Linux 2025.2 released with 13 new tools, car hacking updates

Kali Linux 2025.2, the second release of the year, is now available for download with 13 new tools and an expanded car hacking toolkit. [...] https://www.bleepingcomputer.com/news/security/kali-linux-20252-released-with-13-new-tools-car-hacking-updates/ Posted from: this blog via Microsoft Power Automate .

Zoomcar discloses security breach impacting 8.4 million users

Zoomcar Holdings (Zoomcar) has disclosed via an 8-K form filing with the U.S. Securities and Exchange Commission (SEC) a data breach incident impacting 8.4 million users. [...] https://www.bleepingcomputer.com/news/security/zoomcar-discloses-security-breach-impacting-84-million-users/ Posted from: this blog via Microsoft Power Automate .

Microsoft shares temp fix for Outlook crashes when opening emails

Microsoft has shared a workaround for a known issue that causes the classic Outlook email client to crash when opening or starting a new message. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-workaround-for-classic-outlook-crashes/ Posted from: this blog via Microsoft Power Automate .

Police seizes Archetyp Market drug marketplace, arrests admin

Law enforcement authorities from six countries took down the Archetyp Market, an infamous darknet drug marketplace that has been operating since May 2020. [...] https://www.bleepingcomputer.com/news/security/police-seizes-archetyp-market-drug-marketplace-arrests-admin/ Posted from: this blog via Microsoft Power Automate .

Microsoft: June Windows Server security updates cause DHCP issues

Microsoft acknowledged a new issue caused by the June 2025 security updates, causing the DHCP service to freeze on some Windows Server systems. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-june-windows-server-security-updates-cause-dhcp-issues/ Posted from: this blog via Microsoft Power Automate .

ChatGPT's AI coder Codex now lets you choose the best solution

ChatGPT's Codex, which is an AI agent that lets you code and delegate programming tasks, is now testing a new feature that lets you choose the best solution. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpts-ai-coder-codex-now-lets-you-choose-the-best-solution/ Posted from: this blog via Microsoft Power Automate .

ChatGPT's AI coder Codex now lets you choose the best solution

ChatGPT's Codex, which is an AI agent that lets you code and delegate programming tasks, is now testing a new feature that lets you choose the best solution. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpts-ai-coder-codex-now-lets-you-choose-the-best-solution/ Posted from: this blog via Microsoft Power Automate .

ChatGPT Search gets an upgrade as OpenAI takes aim at Google

On June 13, OpenAI began rolling out a new ChatGPT Search update to improve quality as the AI startup challenges Google's dominance. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-search-gets-an-upgrade-as-openai-takes-aim-at-google/ Posted from: this blog via Microsoft Power Automate .

Over 46,000 Grafana instances exposed to account takeover bug

More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover. [...] https://www.bleepingcomputer.com/news/security/over-46-000-grafana-instances-exposed-to-account-takeover-bug/ Posted from: this blog via Microsoft Power Automate .

WestJet investigates cyberattack disrupting internal systems

WestJet, Canada's second-largest airline, is investigating a cyberattack that has disrupted access to some internal systems as it responds to the breach. [...] https://www.bleepingcomputer.com/news/security/westjet-investigates-cyberattack-disrupting-internal-systems/ Posted from: this blog via Microsoft Power Automate .

Google links massive cloud outage to API management issue

Google says an API management issue is behind Thursday's massive Google Cloud outage, which disrupted or brought down its services and many other online platforms. [...] https://www.bleepingcomputer.com/news/google/google-links-massive-cloud-outage-to-api-management-issue/ Posted from: this blog via Microsoft Power Automate .

Discord flaw lets hackers reuse expired invites in malware campaign

Hackers are hijacking expired or deleted Discord invite links to redirect users to malicious sites that deliver remote access trojans and information-stealing malware. [...] https://www.bleepingcomputer.com/news/security/discord-flaw-lets-hackers-reuse-expired-invites-in-malware-campaign/ Posted from: this blog via Microsoft Power Automate .

Victoria’s Secret restores critical systems after cyberattack

Victoria's Secret has restored all critical systems impacted by a May 24 security incident that forced it to shut down corporate systems and the e-commerce website. [...] https://www.bleepingcomputer.com/news/security/victorias-secret-restores-critical-systems-after-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Cloudflare: Outage not caused by security incident, data is safe

Cloudflare has confirmed that the massive service outage yesterday was not caused by a security incident and no data has been lost. [...] https://www.bleepingcomputer.com/news/security/cloudflare-outage-not-caused-by-security-incident-data-is-safe/ Posted from: this blog via Microsoft Power Automate .

Trend Micro fixes critical vulnerabilities in multiple products

Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. [...] https://www.bleepingcomputer.com/news/security/trend-micro-fixes-six-critical-flaws-on-apex-central-endpoint-encryption-policyserver/ Posted from: this blog via Microsoft Power Automate .

Google Cloud and Cloudflare hit by widespread service outages

Google Cloud and Cloudflare are investigating ongoing outages impacting access to sites and various services across multiple regions. [...] https://www.bleepingcomputer.com/news/technology/google-cloud-and-cloudflare-hit-by-widespread-service-outages/ Posted from: this blog via Microsoft Power Automate .

Graphite spyware used in Apple iOS zero-click attacks on journalists

Forensic investigation has confirmed the use of Paragon's Graphite spyware platform in zero-click attacks that targeted Apple iOS devices of at least two journalists in Europe. [...] https://www.bleepingcomputer.com/news/security/graphite-spyware-used-in-apple-ios-zero-click-attacks-on-journalists/ Posted from: this blog via Microsoft Power Automate .

Password-spraying attacks target 80,000 Microsoft Entra ID accounts

Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide. [...] https://www.bleepingcomputer.com/news/security/password-spraying-attacks-target-80-000-microsoft-entra-id-accounts/ Posted from: this blog via Microsoft Power Automate .

ChatGPT o3 API 80% price drop has no impact on performance

ChatGPT o3, which has been available via API, is now 80% cheaper for developers, and there's no visible impact on performance. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-o3-api-80-percent-price-drop-has-no-impact-on-performance/ Posted from: this blog via Microsoft Power Automate .

ChatGPT o3 API 80% price drop has no impact on performance

ChatGPT o3, which has been available via API, is now 80% cheaper for developers, and there's no visible impact on performance. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-o3-api-80-percent-price-drop-has-no-impact-on-performance/ Posted from: this blog via Microsoft Power Automate .

SmartAttack uses smartwatches to steal data from air-gapped systems

A new attack dubbed 'SmartAttack' uses smartwatches as a covert ultrasonic signal receiver to exfiltrate data from physically isolated (air-gapped) systems. [...] https://www.bleepingcomputer.com/news/security/smartattack-uses-smartwatches-to-steal-data-from-air-gapped-systems/ Posted from: this blog via Microsoft Power Automate .

Erie Insurance confirms cyberattack behind business disruptions

Erie Insurance and Erie Indemnity Company have disclosed that a weekend cyberattack is behind the recent business disruptions and platform outages on its website. [...] https://www.bleepingcomputer.com/news/security/erie-insurance-confirms-cyberattack-behind-business-disruptions/ Posted from: this blog via Microsoft Power Automate .

Erie Insurance confirms cyberattack behind business disruptions

Erie Insurance and Erie Indemnity Company have disclosed that a weekend cyberattack is behind the recent business disruptions and platform outages on its website. [...] https://www.bleepingcomputer.com/news/security/erie-insurance-confirms-cyberattack-behind-business-disruptions/ Posted from: this blog via Microsoft Power Automate .

Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot

A new attack dubbed 'EchoLeak' is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user's context without interaction. [...] https://www.bleepingcomputer.com/news/security/zero-click-ai-data-leak-flaw-uncovered-in-microsoft-365-copilot/ Posted from: this blog via Microsoft Power Automate .

Microsoft creates separate Windows 11 24H2 update for incompatible PCs

Microsoft confirmed on Tuesday that it's pushing a revised security update targeting some Windows 11 24H2 systems incompatible with the initial update released during this month's Patch Tuesday. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-creates-separate-windows-11-24h2-update-for-incompatible-pcs/ Posted from: this blog via Microsoft Power Automate .

Brute-force attacks target Apache Tomcat management panels

A coordinated campaign of brute-force attacks using hundreds of unique IP addresses targets Apache Tomcat Manager interfaces exposed online. [...] https://www.bleepingcomputer.com/news/security/brute-force-attacks-target-apache-tomcat-management-panels/ Posted from: this blog via Microsoft Power Automate .

Operation Secure disrupts global infostealer malware operations

An international law enforcement action codenamed "Operation Secure" targeted infostealer malware infrastructure in a massive crackdown across 26 countries, resulting in 32 arrests, data seizures, and server takedowns. [...] https://www.bleepingcomputer.com/news/security/operation-secure-disrupts-global-infostealer-malware-operations/ Posted from: this blog via Microsoft Power Automate .

DanaBot malware operators exposed via C2 bug added in 2022

A vulnerability in the DanaBot malware operation introduced in June 2022 update led to the identification, indictment, and dismantling of their operations in a recent law enforcement action. [...] https://www.bleepingcomputer.com/news/security/danabot-malware-operators-exposed-via-c2-bug-added-in-2022/ Posted from: this blog via Microsoft Power Automate .

ConnectWise rotating code signing certificates over security concerns

ConnectWise is warning customers that it is rotating the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over security concerns. [...] https://www.bleepingcomputer.com/news/security/connectwise-rotating-code-signing-certificates-over-security-concerns/ Posted from: this blog via Microsoft Power Automate .

New Secure Boot flaw lets attackers install bootkit malware, patch now

Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware. [...] https://www.bleepingcomputer.com/news/security/new-secure-boot-flaw-lets-attackers-install-bootkit-malware-patch-now/ Posted from: this blog via Microsoft Power Automate .

Windows 10 KB5060533 cumulative update released with 7 changes, fixes

Microsoft has released the KB5060533 cumulative update for Windows 10 22H2 and Windows 10 21H2, with seven fixes or changes, including bringing seconds back to the time shown in the Calendar flyout. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5060533-cumulative-update-released-with-7-changes-fixes/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5060842 and KB5060999 cumulative updates released

Microsoft has released Windows 11 KB5060842 and KB5060999 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues, including 66 flaws. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5060842-and-kb5060999-cumulative-updates-released/ Posted from: this blog via Microsoft Power Automate .

Microsoft Outlook to block more risky attachments used in attacks

Microsoft announced it will expand the list of blocked attachments in Outlook Web and the new Outlook for Windows starting next month. [...] https://www.bleepingcomputer.com/news/security/microsoft-outlook-to-block-more-risky-attachments-used-in-attacks/ Posted from: this blog via Microsoft Power Automate .

FIN6 hackers pose as job seekers to backdoor recruiters’ devices

In a twist on typical hiring-related social engineering attacks, the FIN6 hacking group impersonates job seekers to target recruiters, using convincing resumes and phishing sites to deliver malware. [...] https://www.bleepingcomputer.com/news/security/fin6-hackers-pose-as-job-seekers-to-backdoor-recruiters-devices/ Posted from: this blog via Microsoft Power Automate .

Ivanti Workspace Control hardcoded key flaws expose SQL credentials

Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company's Workspace Control (IWC) solution. [...] https://www.bleepingcomputer.com/news/security/ivanti-workspace-control-hardcoded-key-flaws-expose-sql-credentials/ Posted from: this blog via Microsoft Power Automate .

AI is a data-breach time bomb, reveals new report

AI acts like Pac-Man—devouring sensitive data across clouds, apps, and copilots. Varonis analyzed 1,000 orgs and found 99% have exposed data AI can access, exposing them to data risks. [...] https://www.bleepingcomputer.com/news/security/ai-is-a-data-breach-time-bomb-reveals-new-report/ Posted from: this blog via Microsoft Power Automate .

Stolen Ticketmaster data from Snowflake attacks briefly for sale again

The Arkana Security extortion gang briefly listed over the weekend what appeared to be newly stolen Ticketmaster data but is instead the data stolen during the 2024 Snowflake data theft attacks. [...] https://www.bleepingcomputer.com/news/security/stolen-ticketmaster-data-from-snowflake-attacks-briefly-for-sale-again/ Posted from: this blog via Microsoft Power Automate .

Over 84,000 Roundcube instances vulnerable to actively exploited flaw

Over 84,000 instances of the Roundcube webmail software are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) vulnerability with a publicly available exploit. [...] https://www.bleepingcomputer.com/news/security/over-84-000-roundcube-instances-vulnerable-to-actively-exploited-flaw/ Posted from: this blog via Microsoft Power Automate .

Google patched bug leaking phone numbers tied to accounts

A vulnerability allowed researchers to brute-force any Google account's recovery phone number simply by knowing a their profile name and an easily retrieved partial phone number, creating a massive risk for phishing and SIM-swapping attacks. [...] https://www.bleepingcomputer.com/news/security/google-patched-bug-leaking-phone-numbers-tied-to-accounts/ Posted from: this blog via Microsoft Power Automate .

Google patched bug leaking phone numbers tied to accounts

A vulnerability allowed researchers to brute-force any Google account's recovery phone number simply by knowing a their profile name and an easily retrieved partial phone number, creating a massive risk for phishing and SIM-swapping attacks. [...] https://www.bleepingcomputer.com/news/security/google-patched-bug-leaking-phone-numbers-tied-to-accounts/ Posted from: this blog via Microsoft Power Automate .

SentinelOne shares new details on China-linked breach attempt

SentinelOne has shared more details on an attempted supply chain attack by Chinese hackers through an IT services and logistics firm that manages hardware logistics for the cybersecurity firm. [...] https://www.bleepingcomputer.com/news/security/sentinelone-shares-new-details-on-china-linked-breach-attempt/ Posted from: this blog via Microsoft Power Automate .

Linux Foundation unveils decentralized WordPress plugin manager

A collective of former WordPress developers and contributors backed by the Linux Foundation has launched the FAIR Package Manager, a new and independent distribution system for trusted WordPress plugins and themes. [...] https://www.bleepingcomputer.com/news/technology/linux-foundation-unveils-decentralized-wordpress-plugin-manager/ Posted from: this blog via Microsoft Power Automate .

Sensata Technologies says personal data stolen by ransomware gang

Sensata Technologies is warning former and current employees it suffered a data breach after concluding an investigation into an April ransomware attack. [...] https://www.bleepingcomputer.com/news/security/sensata-technologies-says-personal-data-stolen-by-ransomware-gang/ Posted from: this blog via Microsoft Power Automate .

Designing Blue Team playbooks with Wazuh for proactive cyber defense

Blue Team playbooks are essential—but tools like Wazuh take them to the next level. From credential dumping to web shells and brute-force attacks, see how Wazuh strengthens real-time detection and automated response. [...] https://www.bleepingcomputer.com/news/security/designing-blue-team-playbooks-with-wazuh-for-proactive-cyber-defense/ Posted from: this blog via Microsoft Power Automate .

Grocery wholesale giant United Natural Foods hit by cyberattack

United Natural Foods (UNFI), North America's largest publicly traded wholesale distributor, was forced to shut down some systems following a recent cyberattack. [...] https://www.bleepingcomputer.com/news/security/grocery-wholesale-giant-united-natural-foods-hit-by-cyberattack/ Posted from: this blog via Microsoft Power Automate .

New Mirai botnet infect TBK DVR devices via command injection flaw

A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. [...] https://www.bleepingcomputer.com/news/security/new-mirai-botnet-infect-tbk-dvr-devices-via-command-injection-flaw/ Posted from: this blog via Microsoft Power Automate .

Malicious npm packages posing as utilities delete project directories

Two malicious packages have been discovered in the npm JavaScript package index, which masquerades as useful utilities but, in reality, are destructive data wipers that delete entire application directories. [...] https://www.bleepingcomputer.com/news/security/malicious-npm-packages-posing-as-utilities-delete-project-directories/ Posted from: this blog via Microsoft Power Automate .

Supply chain attack hits Gluestack NPM packages with 960K weekly downloads

A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). [...] https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-gluestack-npm-packages-with-960k-weekly-downloads/ Posted from: this blog via Microsoft Power Automate .

Microsoft shares script to restore inetpub folder you shouldn’t delete

Microsoft has released a PowerShell script to help restore an empty 'inetpub' folder created by the April 2025 Windows security updates if deleted. As Microsoft previously warned, this folder helps mitigate a high-severity Windows Process Activation privilege escalation vulnerability. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-script-to-restore-inetpub-folder-you-shouldnt-delete/ Posted from: this blog via Microsoft Power Automate .

Tax resolution firm Optima Tax Relief hit by ransomware, data leaked

U.S. tax resolution firm Optima Tax Relief suffered a Chaos ransomware attack, with the threat actors now leaking data stolen from the company. [...] https://www.bleepingcomputer.com/news/security/tax-resolution-firm-optima-tax-relief-hit-by-ransomware-data-leaked/ Posted from: this blog via Microsoft Power Automate .

Google’s upcoming Gemini Kingfall is allegedly a coding beast

Google's AI advancement is not slowing down, and we might be getting yet another powerful model codenamed "Gemini Kingfall." [...] https://www.bleepingcomputer.com/news/artificial-intelligence/googles-upcoming-gemini-kingfall-is-allegedly-a-coding-beast/ Posted from: this blog via Microsoft Power Automate .

ChatGPT prepares o3-pro model for $200 Pro subscribers

OpenAI is planning to ship an update to ChatGPT that will turn on the new o3 Pro model, which has more compute to think harder. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-prepares-o3-pro-model-for-200-pro-subscribers/ Posted from: this blog via Microsoft Power Automate .

ChatGPT prepares o3-pro model for $200 Pro subscribers

OpenAI is planning to ship an update to ChatGPT that will turn on the new o3 Pro model, which has more compute to think harder. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-prepares-o3-pro-model-for-200-pro-subscribers/ Posted from: this blog via Microsoft Power Automate .

FBI: BADBOX 2.0 Android malware infects millions of consumer devices

The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. [...] https://www.bleepingcomputer.com/news/security/fbi-badbox-20-android-malware-infects-millions-of-consumer-devices/ Posted from: this blog via Microsoft Power Automate .

FBI: BADBOX 2.0 Android malware infects millions of consumer devices

The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. [...] https://www.bleepingcomputer.com/news/security/fbi-badbox-20-android-malware-infects-millions-of-consumer-devices/ Posted from: this blog via Microsoft Power Automate .

Old AT&T data leak repackaged to link SSNs, DOBs to 49M phone numbers

A threat actor has re-released data from a 2021 AT&T breach affecting 70 million customers, this time combining previously separate files to directly link Social Security numbers and birth dates to individual users. [...] https://www.bleepingcomputer.com/news/security/old-atandt-data-leak-repackaged-to-link-ssns-dobs-to-49m-phone-numbers/ Posted from: this blog via Microsoft Power Automate .

Designing a Windows Service for Security

Designing a security-focused Windows Service? Learn more from ThreatLocker about the core components for real-time monitoring, threat detection, and system hardening to defend against malware and ransomware. [...] https://www.bleepingcomputer.com/news/security/designing-a-windows-service-for-security/ Posted from: this blog via Microsoft Power Automate .

Hacker selling critical Roundcube webmail exploit as tech info disclosed

Hackers are actively exploiting CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. [...] https://www.bleepingcomputer.com/news/security/hacker-selling-critical-roundcube-webmail-exploit-as-tech-info-disclosed/ Posted from: this blog via Microsoft Power Automate .

Microsoft unveils free EU cybersecurity program for governments

Microsoft announced in Berlin today a new European Security Program that promises to bolster cybersecurity for European governments. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-unveils-free-eu-cybersecurity-program-for-governments/ Posted from: this blog via Microsoft Power Automate .

Microsoft unveils free EU cybersecurity program for governments

Microsoft announced in Berlin today a new European Security Program that promises to bolster cybersecurity for European governments. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-unveils-free-eu-cybersecurity-program-for-governments/ Posted from: this blog via Microsoft Power Automate .

FBI: Play ransomware breached 900 victims, including critical orgs

In an update to a joint advisory with CISA and the Australian Cyber Security Centre, the FBI said that the Play ransomware gang had breached roughly 900 organizations as of May 2025, three times the number of victims reported in October 2023. [...] https://www.bleepingcomputer.com/news/security/fbi-play-ransomware-breached-900-victims-including-critical-orgs/ Posted from: this blog via Microsoft Power Automate .

Hacker arrested for breaching 5,000 hosting accounts to mine crypto

The Ukrainian police arrested a 35-year-old hacker who breached 5,000 accounts at an international hosting company and used them to mine cryptocurrency, resulting in $4.5 million in damages. [...] https://www.bleepingcomputer.com/news/security/hacker-arrested-for-breaching-5-000-hosting-accounts-to-mine-crypto/ Posted from: this blog via Microsoft Power Automate .

Hacker arrested for breaching 5,000 hosting accounts to mine crypto

The Ukrainian police arrested a 35-year-old hacker who breached 5,000 accounts at an international hosting company and used them to mine cryptocurrency, resulting in $4.5 million in damages. [...] https://www.bleepingcomputer.com/news/security/hacker-arrested-for-breaching-5-000-hosting-accounts-to-mine-crypto/ Posted from: this blog via Microsoft Power Automate .

Cisco warns of ISE and CCP flaws with public exploit code

Cisco has released patches to address three vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) solutions. [...] https://www.bleepingcomputer.com/news/security/cisco-warns-of-ise-and-ccp-flaws-with-public-exploit-code/ Posted from: this blog via Microsoft Power Automate .

Ukraine claims it hacked Tupolev, Russia’s strategic warplane maker

The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims it hacked the Russian aerospace and defense company Tupolev, which develops Russia's supersonic strategic bombers. [...] https://www.bleepingcomputer.com/news/security/ukraine-claims-it-hacked-tupolev-russias-strategic-warplane-maker/ Posted from: this blog via Microsoft Power Automate .

BidenCash carding market domains seized in international operation

Earlier today, law enforcement seized multiple domains of BidenCash, the infamous dark web market for stolen credit cards, personal information, and SSH access. [...] https://www.bleepingcomputer.com/news/security/bidencash-carding-market-domains-seized-in-international-operation/ Posted from: this blog via Microsoft Power Automate .

FBI warns of NFT airdrop scams targeting Hedera Hashgraph wallets

The FBI is warning about a new scam where cybercriminals exploit NFT airdrops on the Hedera Hashgraph network to steal crypto from cryptocurrency wallets. [...] https://www.bleepingcomputer.com/news/security/fbi-warns-of-nft-airdrop-scams-targeting-hedera-hashgraph-wallets/ Posted from: this blog via Microsoft Power Automate .

Media giant Lee Enterprises says data breach affects 39,000 people

Publishing giant Lee Enterprises is notifying over 39,000 people whose personal information was stolen in a February 2025 ransomware attack. [...] https://www.bleepingcomputer.com/news/security/media-giant-lee-enterprises-says-data-breach-affects-39-000-people/ Posted from: this blog via Microsoft Power Automate .

Google: Hackers target Salesforce accounts in data extortion attacks

Google has observed hackers claiming to be the ShinyHunters extortion group conducting social engineering attacks against multi-national companies to steal data from organization's Salesforce platforms. [...] https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ Posted from: this blog via Microsoft Power Automate .

OpenAI is hopeful GPT-5 will compete a little more

OpenAI's next big foundational model is GPT-5, and the AI startup is hoping that the model will compete a little more with rivals. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-is-hopeful-gpt-5-will-compete-a-little-more/ Posted from: this blog via Microsoft Power Automate .

ChatGPT rolls out Memory upgrade for free users

ChatGPT's memory feature is now better and capable of referencing past conversations for free accounts. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-rolls-out-memory-upgrade-for-free-users/ Posted from: this blog via Microsoft Power Automate .

Hewlett Packard Enterprise warns of critical StoreOnce auth bypass

Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution. [...] https://www.bleepingcomputer.com/news/security/hewlett-packard-enterprise-warns-of-critical-storeonce-auth-bypass/ Posted from: this blog via Microsoft Power Automate .

ChatGPT rolls out Memory upgrade for free users

ChatGPT's memory feature is now better and capable of referencing past conversations for free accounts. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-rolls-out-memory-upgrade-for-free-users/ Posted from: this blog via Microsoft Power Automate .

Microsoft adds quick machine recovery to Windows 11 settings

Microsoft is testing a dedicated page in Windows Settings for quick machine recovery, which will provide users with additional configuration options. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-quick-machine-recovery-to-windows-11-settings/ Posted from: this blog via Microsoft Power Automate .

Malicious RubyGems pose as Fastlane to steal Telegram API data

Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data. [...] https://www.bleepingcomputer.com/news/security/malicious-rubygems-pose-as-fastlane-to-steal-telegram-api-data/ Posted from: this blog via Microsoft Power Automate .

Mozilla launches new system to detect Firefox crypto drainer add-ons

Mozilla has developed a new security feature for its add-on portal that helps block Firefox malicious extensions that drain cryptocurrency wallets. [...] https://www.bleepingcomputer.com/news/security/mozilla-launches-new-system-to-detect-firefox-crypto-drainer-add-ons/ Posted from: this blog via Microsoft Power Automate .

Scattered Spider: Three things the news doesn’t tell you

Scattered Spider isn't one group — it's an identity-first threat model evolving fast. From vishing to AiTM phishing, they're exploiting MFA gaps to hijack the cloud. Watch the Push Security webinar to learn how their identity-based tactics work — and how to stop them. [...] https://www.bleepingcomputer.com/news/security/scattered-spider-three-things-the-news-doesnt-tell-you/ Posted from: this blog via Microsoft Power Automate .

Victoria’s Secret delays earnings release after security incident

Fashion retail giant Victoria's Secret has delayed its first quarter 2025 earnings release because of ongoing corporate system restoration efforts following a May 24 security incident. [...] https://www.bleepingcomputer.com/news/security/victorias-secret-delays-earnings-release-after-security-incident/ Posted from: this blog via Microsoft Power Automate .

Cartier discloses data breach amid fashion brand cyberattacks

Luxury fashion brand Cartier is warning customers it suffered a data breach that exposed customers' personal information after its systems were compromised. [...] https://www.bleepingcomputer.com/news/security/cartier-discloses-data-breach-amid-fashion-brand-cyberattacks/ Posted from: this blog via Microsoft Power Automate .

The North Face warns customers of April credential stuffing attack

Outdoor apparel retailer The North Face is warning customers that their personal information was stolen in credential stuffing attacks targeting the company's website in April. [...] https://www.bleepingcomputer.com/news/security/the-north-face-warns-customers-of-april-credential-stuffing-attack/ Posted from: this blog via Microsoft Power Automate .

SentinelOne: Last week’s 7-hour outage caused by software flaw

American cybersecurity company SentinelOne revealed over the weekend that a software flaw triggered a seven-hour-long outage on Thursday. [...] https://www.bleepingcomputer.com/news/technology/sentinelone-last-weeks-7-hour-outage-caused-by-software-flaw/ Posted from: this blog via Microsoft Power Automate .

Google Chrome to distrust Chunghwa Telecom, Netlock certificates in August

Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. [...] https://www.bleepingcomputer.com/news/security/google-chrome-to-distrust-chunghwa-telecom-netlock-certificates-in-august/ Posted from: this blog via Microsoft Power Automate .

Microsoft and CrowdStrike partner to link hacking group names

Microsoft and CrowdStrike announced today that they've partnered to connect the aliases used for specific threat groups without actually using a single naming standard. [...] https://www.bleepingcomputer.com/news/security/microsoft-and-crowdstrike-partner-to-link-hacking-group-names/ Posted from: this blog via Microsoft Power Automate .

‘Russian Market’ emerges as a go-to shop for stolen credentials

The "Russian Market" cybercrime marketplace has emerged as one of the most popular platforms for buying and selling credentials stolen by information stealer malware. [...] https://www.bleepingcomputer.com/news/security/russian-market-emerges-as-a-go-to-shop-for-stolen-credentials/ Posted from: this blog via Microsoft Power Automate .

Microsoft ships emergency patch to fix Windows 11 installation issues

Microsoft has released an out-of-band update to address a known issue causing some Windows 11 systems to enter recovery and fail to start while trying to install the KB5058405 May 2025 security update. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-ships-emergency-patch-to-fix-windows-11-installation-issues/ Posted from: this blog via Microsoft Power Automate .

Qualcomm fixes three Adreno GPU zero-days exploited in attacks

Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks. [...] https://www.bleepingcomputer.com/news/security/qualcomm-fixes-three-adreno-gpu-zero-days-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .