Posts

Showing posts from July, 2025

Microsoft to disable Excel workbook links to blocked file types

Microsoft has announced that it will start disabling external workbook links to blocked file types by default between October 2025 and July 2026. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-external-workbook-links-to-blocked-file-types/ Posted from: this blog via Microsoft Power Automate .

Microsoft now pays up to $40,000 for some .NET vulnerabilities

Microsoft has expanded its .NET bug bounty program and increased rewards to $40,000 for some .NET and ASP.NET Core vulnerabilities. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-now-pays-up-to-40-000-for-some-net-vulnerabilities/ Posted from: this blog via Microsoft Power Automate .

CISA open-sources Thorium platform for malware, forensic analysis

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced the public availability of Thorium, an open-source platform for malware and forensic analysts across the government, public, and private sectors. [...] https://www.bleepingcomputer.com/news/security/cisa-open-sources-thorium-platform-for-malware-forensic-analysis/ Posted from: this blog via Microsoft Power Automate .

Proton launches free standalone cross-platform Authenticator app

Proton has launched Proton Authenticator, a free standalone two-factor authentication (2FA) application for Windows, macOS, Linux, Android, and iOS. [...] https://www.bleepingcomputer.com/news/security/proton-launches-free-standalone-cross-platform-authenticator-app/ Posted from: this blog via Microsoft Power Automate .

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. [...] https://www.bleepingcomputer.com/news/security/hackers-target-python-devs-in-phishing-attacks-using-fake-pypi-site/ Posted from: this blog via Microsoft Power Automate .

SafePay ransomware threatens to leak 3.5TB of Ingram Micro data

The SafePay ransomware gang is threatening to leak 3.5TB of data belonging to IT giant Ingram Micro, allegedly stolen from the company's compromised systems earlier this month. [...] https://www.bleepingcomputer.com/news/security/safepay-ransomware-threatens-to-leak-35tb-of-ingram-micro-data/ Posted from: this blog via Microsoft Power Automate .

Hackers actively exploit critical RCE in WordPress Alone theme

Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme 'Alone,' to achieve remote code execution and perform a full site takeover. [...] https://www.bleepingcomputer.com/news/security/hackers-actively-exploit-critical-rce-in-wordpress-alone-theme/ Posted from: this blog via Microsoft Power Automate .

Hackers plant 4G Raspberry Pi on bank network in failed ATM heist

The UNC2891 hacking group, also known as LightBasin, used a 4G-equipped Raspberry Pi hidden in a bank's network to bypass security defenses in a newly discovered attack. [...] https://www.bleepingcomputer.com/news/security/hackers-plant-4g-raspberry-pi-on-bank-network-in-failed-atm-heist/ Posted from: this blog via Microsoft Power Automate .

Apple patches security flaw exploited in Chrome zero-day attacks

Apple has released security updates to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. [...] https://www.bleepingcomputer.com/news/security/apple-patches-security-flaw-exploited-in-chrome-zero-day-attacks/ Posted from: this blog via Microsoft Power Automate .

New Lenovo UEFI firmware updates fix Secure Boot bypass flaws

Lenovo is warning about high-severity BIOS flaws that could allow attackers to potentially bypass Secure Boot in all-in-one desktop PC models that use customized Insyde UEFI (Unified Extensible Firmware Interface). [...] https://www.bleepingcomputer.com/news/security/new-lenovo-uefi-firmware-updates-fix-secure-boot-bypass-flaws/ Posted from: this blog via Microsoft Power Automate .

Russian airline Aeroflot grounds dozens of flights after cyberattack

Aeroflot, Russia's flag carrier, has suffered a cyberattack that resulted in the cancellation of more than 60 flights and severe delays on additional flights. [...] https://www.bleepingcomputer.com/news/security/russian-airline-aeroflot-grounds-dozens-of-flights-after-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware

Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. [...] https://www.bleepingcomputer.com/news/security/hackers-exploit-sap-netweaver-bug-to-deploy-linux-auto-color-malware/ Posted from: this blog via Microsoft Power Automate .

Microsoft Edge now an 'AI-powered browser' with Copilot Mode

Microsoft has introduced Copilot Mode, an experimental feature designed to transform Microsoft Edge into a web browser powered by artificial intelligence (AI). [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-now-an-ai-powered-browser-with-copilot-mode/ Posted from: this blog via Microsoft Power Automate .

French telecom giant Orange discloses cyberattack

Orange, a French telecommunications company and one of the world's largest telecom operators, revealed that it detected a breached system on its network on Friday. [...] https://www.bleepingcomputer.com/news/security/french-telecommunications-giant-orange-discloses-cyberattack/ Posted from: this blog via Microsoft Power Automate .

How attackers are still phishing "phishing-resistant" authentication

Think passkeys make you phishing-proof? Think again. Attackers are using downgrade attacks, device-code phishing, and OAuth tricks to sneak past modern MFA. See how Push Security shuts them down. [...] https://www.bleepingcomputer.com/news/security/how-attackers-are-still-phishing-phishing-resistant-authentication/ Posted from: this blog via Microsoft Power Automate .

Lovense sex toy app flaw leaks private user email addresses

The connected sex toy platform Lovense is vulnerable to a zero-day flaw that allows an attacker to get access to a member's email address simply by knowing their username, putting them at risk of doxxing and harassment. [...] https://www.bleepingcomputer.com/news/security/lovense-sex-toy-app-flaw-leaks-private-user-email-addresses/ Posted from: this blog via Microsoft Power Automate .

Tea app leak worsens with second database exposing user chats

The Tea app data breach has grown into an even larger leak, with the stolen data now shared on hacking forums and a second database discovered that allegedly contains 1.1 million private messages exchanged between the app's members. [...] https://www.bleepingcomputer.com/news/security/tea-app-leak-worsens-with-second-database-exposing-user-chats/ Posted from: this blog via Microsoft Power Automate .

Flaw in Gemini CLI AI coding assistant allowed stealthy code execution

A vulnerability in Google's Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers' computers using allowlisted programs. [...] https://www.bleepingcomputer.com/news/security/flaw-in-gemini-cli-ai-coding-assistant-allowed-stealthy-code-execution/ Posted from: this blog via Microsoft Power Automate .

Flaw in Gemini CLI AI coding assistant allowed stealthy code execution

A vulnerability in Google's Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers' computers using allowlisted programs. [...] https://www.bleepingcomputer.com/news/security/flaw-in-gemini-cli-ai-coding-assistant-allowed-stealthy-code-execution/ Posted from: this blog via Microsoft Power Automate .

Microsoft will stop supporting Windows 11 22H2 in October

Microsoft has reminded customers today that the last supported editions of Windows 11 22H2 will reach their end of servicing on October 14. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-will-stop-supporting-windows-11-22h2-in-october/ Posted from: this blog via Microsoft Power Automate .

OpenAI prepares GPT-5 for roll out

OpenAI's ChatGPT-5 could drop in the coming days, and it could be one of the best models from the Microsoft-backed startup. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-prepares-gpt-5-for-roll-out/ Posted from: this blog via Microsoft Power Automate .

OpenAI prepares GPT-5 for roll out

OpenAI's ChatGPT-5 could drop in the coming days, and it could be one of the best models from the Microsoft-backed startup. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-prepares-gpt-5-for-roll-out/ Posted from: this blog via Microsoft Power Automate .

Free Tool Autoswagger Finds The API Flaws Attackers Hope You Miss

Exposed API documentation is a gift-wrapped roadmap for threat actors. The free Autoswagger tool from Intruder scans for exposed docs and flags endpoints with broken access controls—before attackers find them. [...] https://www.bleepingcomputer.com/news/security/free-tool-autoswagger-finds-the-api-flaws-attackers-hope-you-miss/ Posted from: this blog via Microsoft Power Automate .

Scattered Spider is running a VMware ESXi hacking spree

Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors. [...] https://www.bleepingcomputer.com/news/security/scattered-spider-is-running-a-vmware-esxi-hacking-spree/ Posted from: this blog via Microsoft Power Automate .

Post SMTP plugin flaw exposes 200K WordPress sites to hijacking attacks

More than 200,000 WordPress websites are using a vulnerable version of the Post SMTP plugin that allows hackers to take control of the administrator account. [...] https://www.bleepingcomputer.com/news/security/post-smtp-plugin-flaw-exposes-200k-wordpress-sites-to-hijacking-attacks/ Posted from: this blog via Microsoft Power Automate .

Amazon AI coding agent hacked to inject data wiping commands

A hacker planted data wiping code in a version of Amazon's generative AI-powered assistant, the Q Developer Extension for Visual Studio Code. [...] https://www.bleepingcomputer.com/news/security/amazon-ai-coding-agent-hacked-to-inject-data-wiping-commands/ Posted from: this blog via Microsoft Power Automate .

Amazon AI coding agent hacked to inject data wiping commands

A hacker planted data wiping code in a version of Amazon's generative AI-powered assistant, the Q Developer Extension for Visual Studio Code. [...] https://www.bleepingcomputer.com/news/security/amazon-ai-coding-agent-hacked-to-inject-data-wiping-commands/ Posted from: this blog via Microsoft Power Automate .

Microsoft investigates outage affecting Microsoft 365 admin center

Microsoft is investigating an ongoing outage blocking Microsoft 365 administrators with business or enterprise subscriptions from accessing the admin center. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-outage-affecting-microsoft-365-admin-center/ Posted from: this blog via Microsoft Power Automate .

The role of the cybersecurity PM in incident-driven development

From PowerShell abuse to USB data theft, modern threats hit fast—and hard.vSee how security-minded PMs are responding with real-time controls, smarter policies, and tools like ThreatLocker Patch Management. [...] https://www.bleepingcomputer.com/news/security/the-role-of-the-cybersecurity-pm-in-incident-driven-development/ Posted from: this blog via Microsoft Power Automate .

US sanctions North Korean firm, nationals behind IT worker schemes

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned three North Korean nationals and a company for supporting fraudulent IT worker schemes that generated illicit revenue for the Democratic People's Republic of Korea (DPRK) government. [...] https://www.bleepingcomputer.com/news/security/us-sanctions-north-korean-firm-nationals-behind-it-worker-schemes/ Posted from: this blog via Microsoft Power Automate .

Woman gets 8 years for aiding North Koreans infiltrate 300 US firms

Christina Marie Chapman, a 50-year-old woman from Arizona, was sentenced to 102 months in prison after pleading guilty to her involvement in a scheme that enabled North Korean IT workers to infiltrate 309 U.S. companies. [...] https://www.bleepingcomputer.com/news/security/us-woman-sentenced-to-8-years-in-prison-for-running-laptop-farm-helping-north-koreans-infiltrate-300-firms/ Posted from: this blog via Microsoft Power Automate .

Microsoft lifts Windows 11 update block for Easy Anti-Cheat users

Microsoft has removed a compatibility hold that prevented some Easy Anti-Cheat users from installing the Windows 11 2024 Update because of a known issue that triggers restarts with blue screen of death (BSOD) errors. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-lifts-windows-11-update-block-for-easy-anti-cheat-users/ Posted from: this blog via Microsoft Power Automate .

BlackSuit ransomware leak sites seized in Operation Checkmate

Law enforcement has seized the dark web leak sites of the BlackSuit ransomware operation, which has targeted and breached the networks of hundreds of organizations worldwide over the past several years. [...] https://www.bleepingcomputer.com/news/security/law-enforcement-seizes-blacksuit-ransomware-leak-sites/ Posted from: this blog via Microsoft Power Automate .

New Koske Linux malware hides in cute panda images

A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory. [...] https://www.bleepingcomputer.com/news/security/new-koske-linux-malware-hides-in-cute-panda-images/ Posted from: this blog via Microsoft Power Automate .

OpenAI confirms ChatGPT Agent is now rolling out for $20 Plus users

ChatGPT Agent is now rolling out to users with $20 Plus subscription, but OpenAI warns that it will take a few days for the rollout to finish. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-confirms-chatgpt-agent-is-now-rolling-out-for-20-plus-users/ Posted from: this blog via Microsoft Power Automate .

New Koske Linux malware hides in cute panda images

A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory. [...] https://www.bleepingcomputer.com/news/security/new-koske-linux-malware-hides-in-cute-panda-images/ Posted from: this blog via Microsoft Power Automate .

OpenAI confirms ChatGPT Agent is now rolling out for $20 Plus users

ChatGPT Agent is now rolling out to users with $20 Plus subscription, but OpenAI warns that it will take a few days for the rollout to finish. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-confirms-chatgpt-agent-is-now-rolling-out-for-20-plus-users/ Posted from: this blog via Microsoft Power Automate .

Hacker sneaks infostealer malware into early access Steam game

A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title. [...] https://www.bleepingcomputer.com/news/security/hacker-sneaks-infostealer-malware-into-early-access-steam-game/ Posted from: this blog via Microsoft Power Automate .

Mitel warns of critical MiVoice MX-ONE authentication bypass flaw

Mitel Networks has released security updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform. [...] https://www.bleepingcomputer.com/news/security/mitel-warns-of-critical-mivoice-mx-one-authentication-bypass-flaw/ Posted from: this blog via Microsoft Power Automate .

Hackers breach Toptal GitHub account, publish malicious npm packages

Hackers compromised Toptal's GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index. [...] https://www.bleepingcomputer.com/news/security/hackers-breach-toptal-github-account-publish-malicious-npm-packages/ Posted from: this blog via Microsoft Power Automate .

SonicWall urges admins to patch critical RCE flaw in SMA 100 devices

SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution. [...] https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-rce-flaw-in-sma-100-VPN-appliances/ Posted from: this blog via Microsoft Power Automate .

Brave blocks Windows Recall from screenshotting your browsing activity

Brave Software says its privacy-focused browser will block Microsoft's Windows Recall from capturing screenshots of Brave windows by default to protect users' privacy. [...] https://www.bleepingcomputer.com/news/security/brave-blocks-windows-recall-from-screenshotting-your-browsing-activity/ Posted from: this blog via Microsoft Power Automate .

Brave blocks Windows Recall from screenshotting your browsing activity

Brave Software says its privacy-focused browser will block Microsoft's Windows Recall from capturing screenshots of Brave windows by default to protect users' privacy. [...] https://www.bleepingcomputer.com/news/security/brave-blocks-windows-recall-from-screenshotting-your-browsing-activity/ Posted from: this blog via Microsoft Power Automate .

Ukraine arrests suspected admin of XSS Russian hacking forum

The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor's office. [...] https://www.bleepingcomputer.com/news/security/ukraine-arrests-suspected-admin-of-xss-russian-hacking-forum/ Posted from: this blog via Microsoft Power Automate .

Ukraine arrests suspected admin of XSS Russian hacking forum

The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor's office. [...] https://www.bleepingcomputer.com/news/security/ukraine-arrests-suspected-admin-of-xss-russian-hacking-forum/ Posted from: this blog via Microsoft Power Automate .

npm 'accidentally' removes Stylus package, breaks builds and pipelines

npm has taken down all versions of the Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package. [...] https://www.bleepingcomputer.com/news/security/npm-accidentally-removes-stylus-package-breaks-builds-and-pipelines/ Posted from: this blog via Microsoft Power Automate .

Operator of Jetflix illegal streaming service gets 7 years in prison

The ringleader of the Jetflicks illegal paid streaming operation, a massive service with tens of thousands of subscribers, was sentenced to seven years in prison. [...] https://www.bleepingcomputer.com/news/technology/operator-of-jetflix-illegal-streaming-service-gets-7-years-in-prison/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes bug behind incorrect Windows Firewall errors

Microsoft has resolved a known issue that triggers invalid Windows Firewall errors after rebooting Windows 11 24H2 systems with the June 2025 preview update installed. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-behind-incorrect-windows-firewall-errors/ Posted from: this blog via Microsoft Power Automate .

Lumma infostealer malware returns after law enforcement disruption

The Lumma infostealer malware operation is gradually resuming activities following a massive law enforcement operation in May, which resulted in the seizure of 2,300 domains and parts of its infrastructure. [...] https://www.bleepingcomputer.com/news/security/lumma-infostealer-malware-returns-after-law-enforcement-disruption/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5062660 update brings new 'Windows Resilience' features

​​Microsoft has released the KB5062660 preview cumulative update for Windows 11 24H2 with twenty-nine new features or changes, with many gradually rolling out, such as the new Black Screen of Death and Quick Machine Recovery tool. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5062660-update-brings-new-windows-resilience-features/ Posted from: this blog via Microsoft Power Automate .

Windows 11 gets new Black Screen of Death, auto recovery tool

Microsoft is rolling out significant changes to Windows 11 24H2 as part of the Windows Resilience Initiative, designed to reduce downtime and help devices recover from serious failures, as well as an overhaul of the all-too-familiar BSOD crash screens. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-gets-new-black-screen-of-death-auto-recovery-tool/ Posted from: this blog via Microsoft Power Automate .

Major European healthcare network discloses security breach

AMEOS Group, an operator of a massive healthcare network in Central Europe, has announced it has suffered a security breach that may have exposed customer, employee, and partner information. [...] https://www.bleepingcomputer.com/news/security/major-european-healthcare-network-discloses-security-breach/ Posted from: this blog via Microsoft Power Automate .

Cisco: Maximum-severity ISE RCE flaws now exploited in attacks

Cisco is warning that three recently patched critical remote code execution vulnerabilities in Cisco Identity Services Engine (ISE) are now being actively exploited in attacks. [...] https://www.bleepingcomputer.com/news/security/cisco-maximum-severity-ise-rce-flaws-now-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

UK to ban public sector orgs from paying ransomware gangs

The United Kingdom's government is planning to ban public sector and critical infrastructure organizations from paying ransoms after ransomware attacks. [...] https://www.bleepingcomputer.com/news/security/uk-to-ban-public-sector-orgs-from-paying-ransomware-gangs/ Posted from: this blog via Microsoft Power Automate .

Microsoft Sharepoint ToolShell attacks linked to Chinese hackers

Hackers with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain. [...] https://www.bleepingcomputer.com/news/security/microsoft-sharepoint-toolshell-attacks-linked-to-chinese-hackers/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Windows Server KB5062557 causes cluster, VM issues

Microsoft is asking businesses to reach out for support to mitigate a known issue causing Cluster service and VM restart issues after installing this month's Windows Server 2019 security updates. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-server-kb5062557-causes-cluster-vm-issues/ Posted from: this blog via Microsoft Power Automate .

Intel announces end of Clear Linux OS project, archives GitHub repos

The Clear Linux OS team has announced the shutdown of the project, marking the end of its 10-year existence in the open-source ecosystem. [...] https://www.bleepingcomputer.com/news/security/intel-announces-end-of-clear-linux-os-project-archives-github-repos/ Posted from: this blog via Microsoft Power Automate .

Intel announces end of Clear Linux OS project, archives GitHub repos

The Clear Linux OS team has announced the shutdown of the project, marking the end of its 10-year existence in the open-source ecosystem. [...] https://www.bleepingcomputer.com/news/security/intel-announces-end-of-clear-linux-os-project-archives-github-repos/ Posted from: this blog via Microsoft Power Automate .

Ring denies breach after users report suspicious logins

Ring is warning that a backend update bug is responsible for customers seeing a surge in unauthorized devices logged into their account on May 28th. [...] https://www.bleepingcomputer.com/news/security/ring-denies-breach-after-users-report-suspicious-logins/ Posted from: this blog via Microsoft Power Automate .

ExpressVPN bug leaked user IPs in Remote Desktop sessions

ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users' real IP addresses. [...] https://www.bleepingcomputer.com/news/security/expressvpn-bug-leaked-user-ips-in-remote-desktop-sessions/ Posted from: this blog via Microsoft Power Automate .

Veeam Recovery Orchestrator users locked out after MFA rollout

Veeam warned customers today that a recently released Recovery Orchestrator version blocks Web UI logins after enabling multi-factor authentication (MFA). [...] https://www.bleepingcomputer.com/news/technology/veeam-recovery-orchestrator-users-locked-out-after-mfa-rollout/ Posted from: this blog via Microsoft Power Automate .

Dior begins sending data breach notifications to U.S. customers

The House of Dior (Dior) is sending data breach notifications to U.S. customers informing them that a May cybersecurity incident compromised their personal information. [...] https://www.bleepingcomputer.com/news/security/dior-begins-sending-data-breach-notifications-to-us-customers/ Posted from: this blog via Microsoft Power Automate .

Dell confirms breach of test lab platform by World Leaks extortion group

A newly rebranded extortion gang known as "World Leaks" breached one of Dell's product demonstration platforms earlier this month and is now trying to extort the company into paying a ransom. [...] https://www.bleepingcomputer.com/news/security/dell-confirms-breach-of-test-lab-platform-by-world-leaks-extortion-group/ Posted from: this blog via Microsoft Power Automate .

Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks

Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attacks. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-patches-for-sharepoint-rce-flaws-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft SharePoint zero-day exploited in RCE attacks, no patch available

A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/ Posted from: this blog via Microsoft Power Automate .

Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack

A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. [...] https://www.bleepingcomputer.com/news/security/threat-actors-downgrade-fido2-mfa-auth-in-poisonseed-phishing-attack/ Posted from: this blog via Microsoft Power Automate .

CrushFTP zero-day exploited in attacks to gain admin access on servers

CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers. [...] https://www.bleepingcomputer.com/news/security/crushftp-zero-day-exploited-in-attacks-to-gain-admin-access-on-servers/ Posted from: this blog via Microsoft Power Automate .

Arch Linux pulls AUR packages that installed Chaos RAT malware

Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) were used to install the CHAOS remote access trojan (RAT) on Linux devices. [...] https://www.bleepingcomputer.com/news/security/arch-linux-pulls-aur-packages-that-installed-chaos-rat-malware/ Posted from: this blog via Microsoft Power Automate .

Arch Linux pulls AUR packages that installed Chaos RAT malware

Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) were used to install the CHAOS remote access trojan (RAT) on Linux devices. [...] https://www.bleepingcomputer.com/news/security/arch-linux-pulls-aur-packages-that-installed-chaos-rat-malware/ Posted from: this blog via Microsoft Power Automate .

UK ties GRU to stealthy Microsoft 365 credential-stealing malware

The UK National Cyber Security Centre (NCSC) has formally attributed 'Authentic Antics' espionage malware attacks to APT28 (Fancy Bear), threat actor already linked to Russia's military intelligence service (GRU). [...] https://www.bleepingcomputer.com/news/security/uk-ties-russian-gru-to-authentic-antics-credential-stealing-malware/ Posted from: this blog via Microsoft Power Automate .

Microsoft mistakenly tags Windows Firewall error log bug as fixed

Microsoft has mistakenly tagged an ongoing Windows Firewall error message bug as fixed in recent updates, stating that they are still working on a resolution. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-mistakenly-tags-windows-firewall-error-log-bug-as-fixed/ Posted from: this blog via Microsoft Power Automate .

New ChatGPT o3-alpha model hints at coding upgrade

ChatGPT's o3 is OpenAI's best model to date because it features reasoning, and it might get even better in the next update. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/new-chatgpt-o3-alpha-model-hints-at-coding-upgrade/ Posted from: this blog via Microsoft Power Automate .

Russian alcohol retailer WineLab closes stores after ransomware attack

WineLab, the retail store of the largest alcohol company in Russia, has closed its stores following a cyberattack that is impacting its operations and causing purchase problems to its customers. [...] https://www.bleepingcomputer.com/news/security/russian-alcohol-retailer-winelab-closes-stores-after-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks

A critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed "CitrixBleed 2," was actively exploited nearly two weeks before proof-of-concept (PoC) exploits were made public, despite Citrix stating that there was no evidence of attacks. [...] https://www.bleepingcomputer.com/news/security/citrix-bleed-2-exploited-weeks-before-pocs-as-citrix-denied-attacks/ Posted from: this blog via Microsoft Power Automate .

VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin

VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025. [...] https://www.bleepingcomputer.com/news/security/vmware-fixes-four-esxi-zero-day-bugs-exploited-at-pwn2own-berlin/ Posted from: this blog via Microsoft Power Automate .

Microsoft Teams voice calls abused to push Matanbuchus malware

The Matanbuchus malware loader has been seen being distributed through social engineering over Microsoft Teams calls impersonating IT helpdesk. [...] https://www.bleepingcomputer.com/news/security/microsoft-teams-voice-calls-abused-to-push-matanbuchus-malware/ Posted from: this blog via Microsoft Power Automate .

Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices

Google has filed a lawsuit against the anonymous operators of the Android BadBox 2.0 malware botnet, accusing them of running a global ad fraud scheme against the company's advertising platforms. [...] https://www.bleepingcomputer.com/news/security/google-sues-to-disrupt-badbox-20-botnet-infecting-10-million-devices/ Posted from: this blog via Microsoft Power Automate .

Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices

Google has filed a lawsuit against the anonymous operators of the Android BadBox 2.0 malware botnet, accusing them of running a global ad fraud scheme against the company's advertising platforms. [...] https://www.bleepingcomputer.com/news/security/google-sues-to-disrupt-badbox-20-botnet-infecting-10-million-devices/ Posted from: this blog via Microsoft Power Automate .

LameHug malware uses AI LLM to craft Windows data-theft commands in real-time

A novel malware family named LameHug is using a large language model (LLM) to generate commands to be executed on compromised Windows systems. [...] https://www.bleepingcomputer.com/news/security/lamehug-malware-uses-ai-llm-to-craft-windows-data-theft-commands-in-real-time/ Posted from: this blog via Microsoft Power Automate .

Hacker steals $27 million in BigONE exchange crypto breach

Cryptocurrency exchange BigONE announced that it suffered a security breach, in which hackers stole various digital assets valued at $27 million. [...] https://www.bleepingcomputer.com/news/security/hacker-steals-27-million-in-bigone-exchange-crypto-breach/ Posted from: this blog via Microsoft Power Automate .

Chinese hackers breached National Guard to steal network configurations

The Chinese state-sponsored hacking group known as Salt Typhoon breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and administrator credentials that could be used to compromise other government networks. [...] https://www.bleepingcomputer.com/news/security/chinese-hackers-breached-national-guard-to-steal-network-configurations/ Posted from: this blog via Microsoft Power Automate .

Co-op confirms data of 6.5 million members stolen in cyberattack

UK retailer Co-op has confirmed that personal data of 6.5 million members was stolen in the massive cyberattack in April that shut down systems and caused food shortages in its grocery stores. [...] https://www.bleepingcomputer.com/news/security/co-op-confirms-data-of-65-million-members-stolen-in-cyberattack/ Posted from: this blog via Microsoft Power Automate .

U.S. Army soldier pleads guilty to extorting 10 tech, telecom firms

A 21-year old former U.S. Army soldier pleaded guilty to charges of hacking and extorting at least ten telecommunications and technology companies in the country. [...] https://www.bleepingcomputer.com/news/security/us-army-soldier-pleads-guilty-to-extorting-10-tech-telecom-firms/ Posted from: this blog via Microsoft Power Automate .

U.S. Army soldier pleads guilty to extorting 10 tech, telecom firms

A 21-year old former U.S. Army soldier pleaded guilty to charges of hacking and extorting at least ten telecommunications and technology companies in the country. [...] https://www.bleepingcomputer.com/news/security/us-army-soldier-pleads-guilty-to-extorting-10-tech-telecom-firms/ Posted from: this blog via Microsoft Power Automate .

Louis Vuitton says regional data breaches tied to same cyberattack

Luxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and Turkey stem from the same security incident, which is believed to be linked to the ShinyHunters extortion group. [...] https://www.bleepingcomputer.com/news/security/louis-vuitton-says-regional-data-breaches-tied-to-same-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Cloudflare says 1.1.1.1 outage not caused by attack or BGP hijack

To quash speculation of a cyberattack or BGP hijack incident causing the recent 1.1.1.1 Resolver service outage, Cloudflare explains in a post mortem that the incident was caused by an internal misconfiguration. [...] https://www.bleepingcomputer.com/news/security/cloudflare-says-1111-outage-not-caused-by-attack-or-bgp-hijack/ Posted from: this blog via Microsoft Power Automate .

Google fixes actively exploited sandbox escape zero day in Chrome

Google has released a security update for Chrome to address half a dozen vulnerabilities, one of them actively exploited by attackers to escape the browser's sandbox protection. [...] https://www.bleepingcomputer.com/news/security/google-fixes-actively-exploited-sandbox-escape-zero-day-in-chrome/ Posted from: this blog via Microsoft Power Automate .

OpenAI's image model gets built-in style feature on ChatGPT

OpenAI's image gen model, which is available via ChatGPT for free, now lets you easily create AI images even if you're not familiar with trends or prompt engineering. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openais-image-model-gets-built-in-style-feature-on-chatgpt/ Posted from: this blog via Microsoft Power Automate .

OpenAI's image model gets built-in style feature on ChatGPT

OpenAI's image gen model, which is available via ChatGPT for free, now lets you easily create AI images even if you're not familiar with trends or prompt engineering. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openais-image-model-gets-built-in-style-feature-on-chatgpt/ Posted from: this blog via Microsoft Power Automate .

Abacus dark web drug market goes offline in suspected exit scam

Abacus Market, the largest Western darknet marketplace supporting Bitcoin payments, has shut down its public infrastructure in a move suspected to be an exit scam. [...] https://www.bleepingcomputer.com/news/security/abacus-dark-web-drug-market-goes-offline-in-suspected-exit-scam/ Posted from: this blog via Microsoft Power Automate .

Windows KB5064489 emergency update fixes Azure VM launch issues

Microsoft has released an emergency update to fix a bug that prevents Azure virtual machines from launching when the Trusted Launch setting is disabled and Virtualization-Based Security (VBS) is enabled. [...] https://www.bleepingcomputer.com/news/microsoft/windows-kb5064489-emergency-update-fixes-azure-vm-launch-issues/ Posted from: this blog via Microsoft Power Automate .

North Korean XORIndex malware hidden in 67 malicious npm packages

North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. [...] https://www.bleepingcomputer.com/news/security/north-korean-xorindex-malware-hidden-in-67-malicious-npm-packages/ Posted from: this blog via Microsoft Power Automate .

Police disrupt “Diskstation” ransomware gang attacking NAS devices

An international law enforcement action dismantled a Romanian ransomware gang known as 'Diskstation,' which encrypted the systems of several companies in the Lombardy region, paralyzing their businesses. [...] https://www.bleepingcomputer.com/news/security/police-disrupt-diskstation-ransomware-gang-attacking-nas-devices/ Posted from: this blog via Microsoft Power Automate .

Android malware Konfety uses malformed APKs to evade detection

A new variant of the Konfety Android malware emerged with a malformed ZIP structure along with other obfuscation methods that allow it to evade analysis and detection. [...] https://www.bleepingcomputer.com/news/security/android-malware-konfety-uses-malformed-apks-to-evade-detection/ Posted from: this blog via Microsoft Power Automate .

OpenAI's ChatGPT-powered browser is codenamed 'Aura'

OpenAI is following Perplexity and is working on its own AI-powered browser codenamed "Aura." [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openais-chatgpt-powered-browser-is-codenamed-aura/ Posted from: this blog via Microsoft Power Automate .

UK launches vulnerability research program for external experts

UK's National Cyber Security Centre (NCSC) has announced a new Vulnerability Research Initiative (VRI) that aims to strengthen relations with external cybersecurity experts. [...] https://www.bleepingcomputer.com/news/security/uk-launches-vulnerability-research-program-for-external-experts/ Posted from: this blog via Microsoft Power Automate .

Interlock ransomware adopts FileFix method to deliver malware

Hackers have adopted the new technique called 'FileFix' in Interlock ransomware attacks to drop a remote access trojan (RAT) on targeted systems. [...] https://www.bleepingcomputer.com/news/security/interlock-ransomware-adopts-filefix-method-to-deliver-malware/ Posted from: this blog via Microsoft Power Automate .

Malicious VSCode extension in Cursor IDE led to $500K crypto theft

A fake extension for the Cursor AI IDE code editor infected devices with remote access tools and infostealers, which, in one case, led to the theft of $500,000 in cryptocurrency from a Russian crypto developer. [...] https://www.bleepingcomputer.com/news/security/malicious-vscode-extension-in-cursor-ide-led-to-500k-crypto-theft/ Posted from: this blog via Microsoft Power Automate .

Windows 10 KB5062554 update breaks emoji panel search feature

The search feature for the Windows 10 emoji panel is broken after installing the KB5062554 cumulative update released Tuesday, making it not possible to look up emojis by name or keyword. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5062554-update-breaks-emoji-panel-search-feature/ Posted from: this blog via Microsoft Power Automate .

Google Gemini flaw hijacks email summaries for phishing

Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links. [...] https://www.bleepingcomputer.com/news/security/google-gemini-flaw-hijacks-email-summaries-for-phishing/ Posted from: this blog via Microsoft Power Automate .

Hackers are exploiting critical RCE flaw in Wing FTP Server

Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public. [...] https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-rce-flaw-in-wing-ftp-server/ Posted from: this blog via Microsoft Power Automate .

'123456' password exposed info for 64 million McDonald’s job applicants

Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the personal information of more than 64 million job applicants across the United States. [...] https://www.bleepingcomputer.com/news/security/123456-password-exposed-info-for-64-million-mcdonalds-job-applicants/ Posted from: this blog via Microsoft Power Automate .

Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now

Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to achieve pre-authenticated remote code execution on vulnerable servers. [...] https://www.bleepingcomputer.com/news/security/exploits-for-pre-auth-fortinet-fortiweb-rce-flaw-released-patch-now/ Posted from: this blog via Microsoft Power Automate .

WordPress Gravity Forms developer hacked to push backdoored plugins

The popular WordPress plugin Gravity Forms has been compromised in what seems a supply-chain attack where manual installers from the official website were infected with a backdoor. [...] https://www.bleepingcomputer.com/news/security/wordpress-gravity-forms-developer-hacked-to-push-backdoored-plugins/ Posted from: this blog via Microsoft Power Automate .

NVIDIA shares guidance to defend GDDR6 GPUs against Rowhammer attacks

NVIDIA is warning users to activate System Level Error-Correcting Code  mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory. [...] https://www.bleepingcomputer.com/news/security/nvidia-issues-guidance-to-defend-gddr6-gpus-against-rowhammer/ Posted from: this blog via Microsoft Power Automate .

The zero-day that could've compromised every Cursor and Windsurf user

Learn how one overlooked flaw in OpenVSX discovered by Koi Secureity could've let attackers hijack millions of dev machines via an extension supply chain attack. The zero-day threat's been patched—but the wake-up call is clear: extensions are a new, massive supply chain risk. [...] https://www.bleepingcomputer.com/news/security/the-zero-day-that-couldve-compromised-every-cursor-and-windsurf-user/ Posted from: this blog via Microsoft Power Automate .

CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch

The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes. [...] https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/ Posted from: this blog via Microsoft Power Automate .

Windows 11 now uses JScript9Legacy engine for improved security

Microsoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later. [...] https://www.bleepingcomputer.com/news/security/windows-11-now-uses-jscript9legacy-engine-for-improved-security/ Posted from: this blog via Microsoft Power Automate .

Windows 11 now uses JScript9Legacy engine for improved security

Microsoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later. [...] https://www.bleepingcomputer.com/news/security/windows-11-now-uses-jscript9legacy-engine-for-improved-security/ Posted from: this blog via Microsoft Power Automate .

Russian pro basketball player arrested for alleged role in ransomware attacks

Russian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States for allegedly acting as a negotiator for a ransomware gang. [...] https://www.bleepingcomputer.com/news/security/russian-pro-basketball-player-arrested-for-alleged-role-in-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

FBI's CJIS demystified: Best practices for passwords, MFA & access control

FBI's Criminal Justice Information Services (CJIS) compliance isn't optional when handling law enforcement data. From MFA to password hygiene, see how Specops Software helps meet FBI standards while also securing your Windows Active Directory. [...] https://www.bleepingcomputer.com/news/security/fbis-cjis-demystified-best-practices-for-passwords-mfa-and-access-control/ Posted from: this blog via Microsoft Power Automate .

Microsoft Authenticator on iOS moves backups fully to iCloud

Microsoft is rolling out a new backup system in September for its Authenticator app on iOS, removing the requirement to use a Microsoft personal account to back up TOTP secrets and account names. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-authenticator-on-ios-moves-backups-fully-to-icloud/ Posted from: this blog via Microsoft Power Automate .

Microsoft Authenticator on iOS moves backups fully to iCloud

Microsoft is rolling out a new backup system in September for its Authenticator app on iOS, removing the requirement to use a Microsoft personal account to back up TOTP secrets and account names. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-authenticator-on-ios-moves-backups-fully-to-icloud/ Posted from: this blog via Microsoft Power Automate .

Microsoft confirms Windows Server Update Services (WSUS) sync is broken

Microsoft has confirmed a widespread issue in Windows Server Update Services (WSUS) that prevents organizations from syncing with Microsoft Update and deploying the latest Windows updates. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-windows-server-update-services-wsus-sync-is-broken/ Posted from: this blog via Microsoft Power Automate .

Qantas confirms data breach impacts 5.7 million customers

Australian airline Qantas has confirmed that 5.7 million people have been impacted by a recent data breach, in which threat actors stole customers' data. [...] https://www.bleepingcomputer.com/news/security/qantas-confirms-data-breach-impacts-57-million-customers/ Posted from: this blog via Microsoft Power Automate .

Google reveals details on Android’s Advanced Protection for Chrome

Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements. [...] https://www.bleepingcomputer.com/news/security/google-reveals-details-on-androids-advanced-protection-for-chrome/ Posted from: this blog via Microsoft Power Automate .

Google reveals details on Android’s Advanced Protection for Chrome

Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements. [...] https://www.bleepingcomputer.com/news/security/google-reveals-details-on-androids-advanced-protection-for-chrome/ Posted from: this blog via Microsoft Power Automate .

Google reveals details on Android’s Advanced Protection for Chrome

Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements. [...] https://www.bleepingcomputer.com/news/security/google-reveals-details-on-androids-advanced-protection-for-chrome/ Posted from: this blog via Microsoft Power Automate .

Bitcoin Depot breach exposes data of nearly 27,000 crypto users

Bitcoin Depot, an operator of Bitcoin ATMs, is notifying customers of a data breach incident that has exposed their sensitive information. [...] https://www.bleepingcomputer.com/news/security/bitcoin-depot-breach-exposes-data-of-nearly-27-000-crypto-users/ Posted from: this blog via Microsoft Power Automate .

Ruckus Networks leaves severe flaws unpatched in management devices

Multiple vulnerabilities that remain unpatched in Ruckus Wireless management products could be exploited to fully compromise the network environment they serve. [...] https://www.bleepingcomputer.com/news/security/ruckus-networks-leaves-severe-flaws-unpatched-in-management-devices/ Posted from: this blog via Microsoft Power Automate .

Ingram Micro starts restoring systems after ransomware attack

Ingram Micro has begun restoring systems and business services after suffering a massive SafePay ransomware attack right before the July 4th holiday. [...] https://www.bleepingcomputer.com/news/security/ingram-micro-starts-restoring-systems-after-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Treasury sanctions North Korean over IT worker malware scheme

The U.S. Department of the Treasury sanctioned cyber actor Song Kum Hyok for his association with North Korea's hacking group Andariel and for facilitating IT worker schemes that generated revenue for the Pyongyang regime. [...] https://www.bleepingcomputer.com/news/legal/treasury-sanctions-north-korean-over-it-worker-malware-scheme/ Posted from: this blog via Microsoft Power Automate .

New ServiceNow flaw lets attackers enumerate restricted data

A new vulnerability in ServiceNow, dubbed Count(er) Strike, allows low-privileged users to extract sensitive data from tables to which they should not have access. [...] https://www.bleepingcomputer.com/news/security/new-servicenow-flaw-lets-attackers-enumerate-restricted-data/ Posted from: this blog via Microsoft Power Automate .

Samsung announces major security enhancements coming to One UI 8

Samsung has announced multiple data security and privacy enhancements for its upcoming Galaxy smartphones running One UI 8, its custom user interface on top of Android. [...] https://www.bleepingcomputer.com/news/security/samsung-announces-major-security-enhancements-coming-to-one-ui-8/ Posted from: this blog via Microsoft Power Automate .

Samsung announces major security enhancements coming to One UI 8

Samsung has announced multiple data security and privacy enhancements for its upcoming Galaxy smartphones running One UI 8, its custom user interface on top of Android. [...] https://www.bleepingcomputer.com/news/security/samsung-announces-major-security-enhancements-coming-to-one-ui-8/ Posted from: this blog via Microsoft Power Automate .

M&S confirms social engineering led to massive ransomware attack

M&S confirmed today that the retail outlet's network was initially breached in a "sophisticated impersonation attack" that ultimately led to a DragonForce ransomware attack. [...] https://www.bleepingcomputer.com/news/security/mands-confirms-social-engineering-led-to-massive-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

New Android TapTrap attack fools users with invisible UI trick

A novel tapjacking technique can exploit user interface animations to bypass Android's permission system and allow access to sensitive data or trick users into performing destructive actions, such as wiping the device. [...] https://www.bleepingcomputer.com/news/security/new-android-taptrap-attack-fools-users-with-invisible-ui-trick/ Posted from: this blog via Microsoft Power Automate .

New Android TapTrap attack fools users with invisible UI trick

A novel tapjacking technique can exploit user interface animations to bypass Android's permission system and allow access to sensitive data or trick users into performing destructive actions, such as wiping the device. [...] https://www.bleepingcomputer.com/news/security/new-android-taptrap-attack-fools-users-with-invisible-ui-trick/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5062553 & KB5062552 cumulative updates released

Microsoft has released Windows 11 KB5062553 and KB5062552 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5062553-and-kb5062552-cumulative-updates-released/ Posted from: this blog via Microsoft Power Automate .

Android malware Anatsa infiltrates Google Play to target US banks

The Anatsa banking trojan has sneaked into Google Play once more via an app posing as a PDF viewer that counted more than 50,000 downloads. [...] https://www.bleepingcomputer.com/news/security/android-malware-anatsa-infiltrates-google-play-to-target-us-banks/ Posted from: this blog via Microsoft Power Automate .

Malicious Chrome extensions with 1.7M installs found on Web Store

Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. [...] https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-17m-installs-found-on-web-store/ Posted from: this blog via Microsoft Power Automate .

Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage

A Chinese national was arrested in Milan, Italy, last week for allegedly being linked to the state-sponsored Silk Typhoon hacking group, which responsible for cyberattacks against American organizations and government agencies. [...] https://www.bleepingcomputer.com/news/security/alleged-chinese-hacker-tied-to-silk-typhoon-arrested-for-cyberespionage/ Posted from: this blog via Microsoft Power Automate .

Public exploits released for CitrixBleed 2 NetScaler flaw, patch now

Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens. [...] https://www.bleepingcomputer.com/news/security/public-exploits-released-for-citrixbleed-2-netscaler-flaw-patch-now/ Posted from: this blog via Microsoft Power Automate .

Qantas is being extorted in recent data-theft cyberattack

Qantas has confirmed that it is now being extorted by threat actors following a cyberattack that potentially exposed the data for 6 million customers. [...] https://www.bleepingcomputer.com/news/security/qantas-is-being-extorted-in-recent-data-theft-cyberattack/ Posted from: this blog via Microsoft Power Automate .

'Batavia' Windows spyware campaign targets dozens of Russian orgs

A previously undocumented spyware called 'Batavia' has been targeting large industrial enterprises in Russia in a phishing email campaign that uses contract-related lures. [...] https://www.bleepingcomputer.com/news/security/batavia-windows-spyware-campaign-targets-dozens-of-russian-orgs/ Posted from: this blog via Microsoft Power Automate .

Hackers abuse leaked Shellter red team tool to deploy infostealers

Shellter Project, the vendor of a commercial AV/EDR evasion loader for penetration testing, confirmed that hackers used its Shellter Elite product in attacks after a customer leaked a copy of the software. [...] https://www.bleepingcomputer.com/news/security/hackers-abuse-leaked-shellter-red-team-tool-to-deploy-infostealers/ Posted from: this blog via Microsoft Power Automate .

OpenAI says GPT-5 will unify breakthroughs from different models

OpenAI has again confirmed that it will unify multiple models into one and create GPT-5, which is expected to ship sometime in the summer. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-says-gpt-5-will-unify-breakthroughs-from-different-models/ Posted from: this blog via Microsoft Power Automate .

OpenAI says GPT-5 will unify breakthroughs from different models

OpenAI has again confirmed that it will unify multiple models into one and create GPT-5, which is expected to ship sometime in the summer. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-says-gpt-5-will-unify-breakthroughs-from-different-models/ Posted from: this blog via Microsoft Power Automate .

Hands on with Windows 11 Notepad's new markdown support

Notepad now lets you use markdown text formatting on Windows 11, which means you can write in Notepad just like you could in WordPad. [...] https://www.bleepingcomputer.com/news/microsoft/hands-on-with-windows-11-notepads-new-markdown-support/ Posted from: this blog via Microsoft Power Automate .

Hands on with Windows 11 Notepad's new markdown support

Notepad now lets you use markdown text formatting on Windows 11, which means you can write in Notepad just like you could in WordPad. [...] https://www.bleepingcomputer.com/news/microsoft/hands-on-with-windows-11-notepads-new-markdown-support/ Posted from: this blog via Microsoft Power Automate .

ChatGPT is testing disruptive Study Together feature

OpenAI's "Study together" mode has been spotted in the wild, and it could help students prepare for exams directly from ChatGPT. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-is-testing-disruptive-study-together-feature/ Posted from: this blog via Microsoft Power Automate .

ChatGPT is testing disruptive Study Together feature

OpenAI's "Study together" mode has been spotted in the wild, and it could help students prepare for exams directly from ChatGPT. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-is-testing-disruptive-study-together-feature/ Posted from: this blog via Microsoft Power Automate .

Ingram Micro outage caused by SafePay ransomware attack

An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned. [...] https://www.bleepingcomputer.com/news/security/ingram-micro-outage-caused-by-safepay-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Google's AI video maker Veo 3 is now available via $20 Gemini

Google says Veo 3, which is the company's state-of-the-art video generator, is now shipping to everyone using the Gemini app with a $20 subscription. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/googles-ai-video-maker-veo-3-is-now-available-via-20-gemini/ Posted from: this blog via Microsoft Power Automate .

Google's AI video maker Veo 3 is now available via $20 Gemini

Google says Veo 3, which is the company's state-of-the-art video generator, is now shipping to everyone using the Gemini app with a $20 subscription. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/googles-ai-video-maker-veo-3-is-now-available-via-20-gemini/ Posted from: this blog via Microsoft Power Automate .

ChatGPT Deep Research tests new connectors for more context

ChatGPT Deep Research, which is an AI research tool to automate research, is getting support for new connectors (integrations), including Slack. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-deep-research-tests-new-connectors-for-more-context/ Posted from: this blog via Microsoft Power Automate .

ChatGPT Deep Research tests new connectors for more context

ChatGPT Deep Research, which is an AI research tool to automate research, is getting support for new connectors (integrations), including Slack. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-deep-research-tests-new-connectors-for-more-context/ Posted from: this blog via Microsoft Power Automate .

Hacker leaks Telefónica data allegedly stolen in a new breach

A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge. [...] https://www.bleepingcomputer.com/news/security/hacker-leaks-telef-nica-data-allegedly-stolen-in-a-new-breach/ Posted from: this blog via Microsoft Power Automate .

Leaks hints at Operator-like tool in ChatGPT ahead of GPT-5 launch

A few new code references in the ChatGPT web app and Android point to an Operator-like tool in GPT's chain of thoughts. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/leaks-hints-at-operator-like-tool-in-chatgpt-ahead-of-gpt-5-launch/ Posted from: this blog via Microsoft Power Automate .

Leaks hints at Operator-like tool in ChatGPT ahead of GPT-5 launch

A few new code references in the ChatGPT web app and Android point to an Operator-like tool in GPT's chain of thoughts. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/leaks-hints-at-operator-like-tool-in-chatgpt-ahead-of-gpt-5-launch/ Posted from: this blog via Microsoft Power Automate .

xAI prepares Grok 4 Code as it plans to take on Claude and Gemini

xAI is preparing the rollout of Grok 4, which replaces Grok 3 as the new state-of-the-art model. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/xai-prepares-grok-4-code-as-it-plans-to-take-on-claude-and-gemini/ Posted from: this blog via Microsoft Power Automate .

Police dismantles investment fraud ring stealing €10 million

The Spanish police have dismantled a large-scale investment fraud operation based in the country, which has caused cumulative damages exceeding €10 million ($11.8M). [...] https://www.bleepingcomputer.com/news/legal/police-dismantles-investment-fraud-ring-stealing-10-million/ Posted from: this blog via Microsoft Power Automate .

Grafana releases critical security update for Image Renderer plugin

Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. [...] https://www.bleepingcomputer.com/news/security/grafana-releases-critical-security-update-for-image-renderer-plugin/ Posted from: this blog via Microsoft Power Automate .

Microsoft asks users to ignore Windows Firewall config errors

Microsoft asked customers this week to disregard incorrect Windows Firewall errors that appear after rebooting their systems following the installation of the June 2025 preview update. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-users-to-ignore-windows-firewall-config-errors/ Posted from: this blog via Microsoft Power Automate .

NimDoor crypto-theft macOS malware revives itself when killed

North Korean state-backed hackers have been using a new family of macOS malware called NimDoor in a campaign that targets web3 and cryptocurrency organizations. [...] https://www.bleepingcomputer.com/news/security/nimdoor-crypto-theft-macos-malware-revives-itself-when-killed/ Posted from: this blog via Microsoft Power Automate .

DOJ investigates ex-ransomware negotiator over extortion kickbacks

An ex-ransomware negotiator is under criminal investigation by the Department of Justice for allegedly working with ransomware gangs to profit from extortion payment deals. [...] https://www.bleepingcomputer.com/news/security/doj-investigates-ex-ransomware-negotiator-over-extortion-kickbacks/ Posted from: this blog via Microsoft Power Automate .

Spain arrests hackers who targeted politicians and journalists

The Spanish police have arrested two individuals in the province of Las Palmas for their alleged involvement in cybercriminal activity, including data theft from the country's government. [...] https://www.bleepingcomputer.com/news/security/spain-arrests-hackers-who-targeted-politicians-and-journalists/ Posted from: this blog via Microsoft Power Automate .

Cisco warns that Unified CM has hardcoded root SSH credentials

Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges. [...] https://www.bleepingcomputer.com/news/security/cisco-removes-unified-cm-callManager-backdoor-root-account/ Posted from: this blog via Microsoft Power Automate .

Citrix warns of login issues after NetScaler auth bypass patch

Citrix warns that patching recently disclosed vulnerabilities that can be exploited to bypass authentication and launch denial-of-service attacks may also break login pages on NetScaler ADC and Gateway appliances. [...] https://www.bleepingcomputer.com/news/security/citrix-warns-of-login-issues-after-netscaler-auth-bypass-patch/ Posted from: this blog via Microsoft Power Automate .

Qantas discloses cyberattack amid Scattered Spider aviation breaches

Australian airline Qantas disclosed that it detected a cyberattack on Monday after threat actors gained access to a third-party platform containing customer data. [...] https://www.bleepingcomputer.com/news/security/qantas-discloses-cyberattack-amid-scattered-spider-aviation-breaches/ Posted from: this blog via Microsoft Power Automate .

AT&T rolls out "Wireless Lock" feature to block SIM swap attacks

AT&T has launched a new security feature called "Wireless Lock" that protects customers from SIM swapping attacks by preventing changes to their account information and the porting of phone numbers while the feature is enabled. [...] https://www.bleepingcomputer.com/news/security/atandt-rolls-out-wireless-lock-feature-to-block-sim-swap-attacks/ Posted from: this blog via Microsoft Power Automate .

AT&T rolls out "Wireless Lock" feature to block SIM swap attacks

AT&T has launched a new security feature called "Wireless Lock" that protects customers from SIM swapping attacks by preventing changes to their account information and the porting of phone numbers while the feature is enabled. [...] https://www.bleepingcomputer.com/news/security/atandt-rolls-out-wireless-lock-feature-to-block-sim-swap-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft open-sources VS Code Copilot Chat extension on GitHub

Microsoft has released the source code for the GitHub Copilot Chat extension for VS Code under the MIT license. [...] https://www.bleepingcomputer.com/news/security/microsoft-open-sources-vs-code-copilot-chat-extension-on-github/ Posted from: this blog via Microsoft Power Automate .

Kelly Benefits says 2024 data breach impacts 550,000 customers

Kelly & Associates Insurance Group (dba Kelly Benefits) is informing more than half a million people of a data breach that compromised their personal information. [...] https://www.bleepingcomputer.com/news/security/kelly-benefits-says-2024-data-breach-impacts-550-000-customers/ Posted from: this blog via Microsoft Power Automate .

Aeza Group sanctioned for hosting ransomware, infostealer servers

The U.S. Department of the Treasury has sanctioned Russian hosting company Aeza Group and four operators for allegedly acting as a bulletproof hosting company for ransomware gangs, infostealer operations, darknet drug markets, and Russian disinformation campaigns. [...] https://www.bleepingcomputer.com/news/security/aeza-group-sanctioned-for-hosting-ransomware-infostealer-servers/ Posted from: this blog via Microsoft Power Automate .

New FileFix attack runs JScript while bypassing Windows MoTW alerts

A new FileFix attack allows executing malicious scripts while bypassing the Mark of the Web (MoTW) protection in Windows by exploiting how browsers handle saved HTML webpages. [...] https://www.bleepingcomputer.com/news/security/new-filefix-attack-runs-jscript-while-bypassing-windows-motw-alerts/ Posted from: this blog via Microsoft Power Automate .

Esse Health says recent data breach affects over 263,000 patients

Esse Health, a healthcare provider based in St. Louis, Missouri, is notifying over 263,000 patients that their personal and health information was stolen in an April cyberattack. [...] https://www.bleepingcomputer.com/news/security/esse-health-says-recent-data-breach-affects-over-263-000-patients/ Posted from: this blog via Microsoft Power Automate .

Johnson Controls starts notifying people affected by 2023 breach

Building automation giant Johnson Controls is notifying individuals whose data was stolen in a massive ransomware attack that impacted the company's operations worldwide in September 2023. [...] https://www.bleepingcomputer.com/news/security/johnson-controls-starts-notifying-people-affected-by-2023-breach/ Posted from: this blog via Microsoft Power Automate .

Google fixes fourth actively exploited Chrome zero-day of 2025

Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year. [...] https://www.bleepingcomputer.com/news/security/google-fixes-fourth-actively-exploited-chrome-zero-day-of-2025/ Posted from: this blog via Microsoft Power Automate .