Posts

Showing posts from August, 2025

OpenAI is testing "Thinking effort" for ChatGPT

OpenAI is working on a new feature called the Thinking effort picker for ChatGPT. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-is-testing-thinking-effort-for-chatgpt/ Posted from: this blog via Microsoft Power Automate .

TamperedChef infostealer delivered through fraudulent PDF Editor

Threat actors have been using multiple websites promoted through Google ads to distribute a convincing PDF editing app that delivers an info-stealing malware called TamperedChef. [...] https://www.bleepingcomputer.com/news/security/tamperedchef-infostealer-delivered-through-fraudulent-pdf-editor/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5064081 update clears up CPU usage metrics in Task Manager

Microsoft has released the KB5064081 preview cumulative update for Windows 11 24H2, which includes thirty-six new features or changes, with many gradually rolling out. These updates include new Recall features and a new way of displaying CPU usage in Task Manager. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5064081-update-clears-up-cpu-usage-metrics-in-task-manager/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes bug behind Windows certificate enrollment errors

Microsoft has resolved a known issue causing false CertificateServicesClient (CertEnroll) error messages after installing the July 2025 preview and subsequent Windows 11 24H2 updates. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-behind-windows-certificate-enrollment-errors/ Posted from: this blog via Microsoft Power Automate .

WhatsApp patches vulnerability exploited in zero-day attacks

WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. [...] https://www.bleepingcomputer.com/news/security/whatsapp-patches-vulnerability-exploited-in-zero-day-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft to enforce MFA for Azure resource management in October

Starting in October, Microsoft will enforce multi-factor authentication (MFA) for all Azure resource management actions to protect Azure clients from unauthorized access attempts. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-to-enforce-mfa-for-azure-resource-management-in-october/ Posted from: this blog via Microsoft Power Automate .

Microsoft says recent Windows update didn't kill your SSD

Microsoft has found no link between the August 2025 KB5063878 security update and customer reports of failure and data corruption issues affecting solid-state drives (SSDs) and hard disk drives (HDDs). [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-says-recent-KB5063878-windows-update-didnt-kill-your-ssd/ Posted from: this blog via Microsoft Power Automate .

Google shares workarounds for auth failures on ChromeOS devices

Google is working to resolve authentication failures preventing users from signing into their Clever and ClassLink accounts on some ChromeOS devices. [...] https://www.bleepingcomputer.com/news/google/google-shares-chromeos-workarounds-for-clever-classlink-auth-failures/ Posted from: this blog via Microsoft Power Automate .

Malware devs abuse Anthropic’s Claude AI to build ransomware

Anthropic's Claude Code large language model has been abused by threat actors who used it in data extortion campaigns and to develop ransomware packages. [...] https://www.bleepingcomputer.com/news/security/malware-devs-abuse-anthropics-claude-ai-to-build-ransomware/ Posted from: this blog via Microsoft Power Automate .

Passwordstate dev urges users to patch auth bypass vulnerability

Click Studios, the company behind the Passwordstate enterprise-grade password manager, has warned customers to patch a high-severity authentication bypass vulnerability as soon as possible. [...] https://www.bleepingcomputer.com/news/security/passwordstate-dev-urges-users-to-patch-auth-bypass-vulnerability-as-soon-as-possible/ Posted from: this blog via Microsoft Power Automate .

MATLAB dev says ransomware gang stole data of 10,000 people

MathWorks, a leading developer of mathematical simulation and computing software, revealed that a ransomware gang stole the data of over 10,000 people after breaching its network in April. [...] https://www.bleepingcomputer.com/news/security/matlab-dev-says-ransomware-gang-stole-data-of-over-10-000-people/ Posted from: this blog via Microsoft Power Automate .

TransUnion suffers data breach impacting over 4.4 million people

Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of over 4.4 million people in the United States. [...] https://www.bleepingcomputer.com/news/security/transunion-suffers-data-breach-impacting-over-44-million-people/ Posted from: this blog via Microsoft Power Automate .

FreePBX servers hacked via zero-day, emergency fix released

The Sangoma FreePBX Security Team is warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with the Administrator Control Panel (ACP) is exposed to the internet. [...] https://www.bleepingcomputer.com/news/security/freepbx-servers-hacked-via-zero-day-emergency-fix-released/ Posted from: this blog via Microsoft Power Automate .

IT system supplier cyberattack impacts 200 municipalities in Sweden

A cyberattack on Miljödata, an IT systems supplier for roughly 80% of Sweden's municipal systems, has caused accessibility problems in more than 200 regions of the country. [...] https://www.bleepingcomputer.com/news/security/it-system-supplier-cyberattack-impacts-200-municipalities-in-sweden/ Posted from: this blog via Microsoft Power Automate .

Global Salt Typhoon hacking campaigns linked to Chinese tech firms

The U.S. National Security Agency (NSA), the UK's National Cyber Security Centre (NCSC), and partners from over a dozen countries have linked the Salt Typhoon global hacking campaigns to three China-based technology firms. [...] https://www.bleepingcomputer.com/news/security/global-salt-typhoon-hacking-campaigns-linked-to-chinese-tech-firms/ Posted from: this blog via Microsoft Power Automate .

Over 28,000 Citrix devices vulnerable to new exploited RCE flaw

More than 28,200 Citrix instances are vulnerable to a critical remote code execution vulnerability tracked as CVE-2025-7775 that is already being exploited in the wild. [...] https://www.bleepingcomputer.com/news/security/over-28-200-citrix-instances-vulnerable-to-actively-exploited-rce-bug/ Posted from: this blog via Microsoft Power Automate .

Why zero trust is never 'done' and is an ever-evolving process

Zero trust isn't a project you finish—it's a cycle that keeps evolving. From supply chain exploits to policy drift, resilience requires continuous testing and adaptation. Learn how Specops Software supports this journey with tools that make it easier. [...] https://www.bleepingcomputer.com/news/security/why-zero-trust-is-never-done-and-is-an-ever-evolving-process/ Posted from: this blog via Microsoft Power Automate .

Healthcare Services Group data breach impacts 624,000 people

The Healthcare Services Group (HSGI) is alerting more than 600,000 individuals that their personal information was exposed in a security breach last year. [...] https://www.bleepingcomputer.com/news/security/healthcare-services-group-data-breach-impacts-624-000-people/ Posted from: this blog via Microsoft Power Automate .

Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks

Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability. [...] https://www.bleepingcomputer.com/news/security/citrix-fixes-critical-netscaler-rce-flaw-exploited-in-zero-day-attacks/ Posted from: this blog via Microsoft Power Automate .

Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks

Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. The ShinyHunters extortion group claims responsibility for these additional Salesforce attacks. [...] https://www.bleepingcomputer.com/news/security/salesloft-breached-to-steal-oauth-tokens-for-salesforce-data-theft-attacks/ Posted from: this blog via Microsoft Power Automate .

Nevada closes state offices as cyberattack disrupts IT systems

Nevada remains two days into a cyberattack that began early Sunday, disrupting government websites, phone systems, and online platforms, and forcing all state offices to close on Monday. [...] https://www.bleepingcomputer.com/news/security/nevada-closes-state-offices-as-cyberattack-disrupts-it-systems/ Posted from: this blog via Microsoft Power Automate .

CISA warns of actively exploited Git code execution flaw

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of hackers exploiting an arbitrary code execution flaw in the Git distributed version control system. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-git-code-execution-flaw/ Posted from: this blog via Microsoft Power Automate .

Nissan confirms design studio data breach claimed by Qilin ransomware

Nissan Japan has confirmed to BleepingComputer that it suffered a data breach following unauthorized access to a server of one of its subsidiaries, Creative Box Inc. (CBI). [...] https://www.bleepingcomputer.com/news/security/nissan-confirms-design-studio-data-breach-claimed-by-qilin-ransomware/ Posted from: this blog via Microsoft Power Automate .

Malicious Android apps with 19M installs removed from Google Play

Seventy-seven malicious Android apps containing different types of malware were found on Google Play after being downloaded more than 19 million times. [...] https://www.bleepingcomputer.com/news/security/malicious-android-apps-with-19m-installs-removed-from-google-play/ Posted from: this blog via Microsoft Power Automate .

Critical Docker Desktop flaw lets attackers hijack Windows hosts

A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. [...] https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/ Posted from: this blog via Microsoft Power Automate .

Defending against malware persistence techniques with Wazuh

Malware persistence keeps attackers in your systems long after reboots or resets. Wazuh helps detect and block hidden techniques like scheduled tasks, startup scripts, and modified system files—before they turn into long-term compromise. [...] https://www.bleepingcomputer.com/news/security/defending-against-malware-persistence-techniques-with-wazuh/ Posted from: this blog via Microsoft Power Automate .

FTC warns tech giants not to bow to foreign pressure on encryption

The Federal Trade Commission (FTC) is warning major U.S. tech companies against yielding to foreign government demands that weaken data security, compromise encryption, or impose censorship on their platforms. [...] https://www.bleepingcomputer.com/news/security/ftc-warns-tech-giants-not-to-bow-to-foreign-pressure-on-encryption/ Posted from: this blog via Microsoft Power Automate .

New Android malware poses as antivirus from Russian intelligence agency

A new Android malware posing as an antivirus tool software created by Russia's Federal Security Services agency (FSB) is being used to target executives of Russian businesses. [...] https://www.bleepingcomputer.com/news/security/new-android-malware-poses-as-antivirus-from-russian-intelligence-agency/ Posted from: this blog via Microsoft Power Automate .

Murky Panda hackers exploit cloud trust to hack downstream customers

A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain initial access to the networks and data of downstream customers. [...] https://www.bleepingcomputer.com/news/security/murky-panda-hackers-exploit-cloud-trust-to-hack-downstream-customers/ Posted from: this blog via Microsoft Power Automate .

APT36 hackers abuse Linux .desktop files to install malware

The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India. [...] https://www.bleepingcomputer.com/news/security/apt36-hackers-abuse-linux-desktop-files-to-install-malware/ Posted from: this blog via Microsoft Power Automate .

Fake Mac fixes trick users into installing new Shamos infostealer

A new infostealer malware targeting Mac devices, called 'Shamos,' is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes. [...] https://www.bleepingcomputer.com/news/security/fake-mac-fixes-trick-users-into-installing-new-shamos-infostealer/ Posted from: this blog via Microsoft Power Automate .

Microsoft: August Windows updates cause severe streaming issues

Microsoft has confirmed that the August 2025 security updates are causing severe lag and stuttering issues with NDI streaming software on some Windows 10 and Windows 11 systems. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-august-windows-updates-cause-severe-ndi-streaming-issues/ Posted from: this blog via Microsoft Power Automate .

Dev gets 4 years for creating kill switch on ex-employer's systems

A software developer has been sentenced to four years in prison for sabotaging his ex-employer's Windows network with custom malware and a kill switch that locked out employees when his account was disabled. [...] https://www.bleepingcomputer.com/news/security/dev-gets-4-years-for-creating-kill-switch-on-ex-employers-systems/ Posted from: this blog via Microsoft Power Automate .

Colt confirms customer data stolen as Warlock ransomware auctions files

UK-based telecommunications company Colt Technology Services confirms that customer documentation was stolen as Warlock ransomware gang auctions files. [...] https://www.bleepingcomputer.com/news/security/colt-confirms-customer-data-stolen-as-warlock-ransomware-auctions-files/ Posted from: this blog via Microsoft Power Automate .

Europol confirms $50,000 Qilin ransomware reward is fake

Europol has confirmed that a Telegram channel impersonating the agency and offering a $50,000 reward for information on two Qilin ransomware administrators is fake. The impostor later admitted it was created to troll researchers and journalists. [...] https://www.bleepingcomputer.com/news/security/europol-confirms-that-qilin-ransomware-reward-is-fake/ Posted from: this blog via Microsoft Power Automate .

Europol confirms that Qilin ransomware reward is fake

Europol has confirmed that a Telegram channel impersonating the agency and offering a $50,000 reward for information on two Qilin ransomware administrators is fake. The impostor later admitted it was created to troll researchers and journalists. [...] https://www.bleepingcomputer.com/news/security/europol-confirms-that-qilin-ransomware-reward-is-fake/ Posted from: this blog via Microsoft Power Automate .

Microsoft asks customers for feedback on SSD failure issues

​Microsoft is seeking further information from customers who reported failure and data corruption issues affecting their solid-state drives (SSDs) and hard disk drives (HDDs) after installing the August 2025 security update. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-customers-for-feedback-on-ssd-failure-issues/ Posted from: this blog via Microsoft Power Automate .

Why Certified VMware Pros Are Driving the Future of IT

From hybrid cloud to AI, IT complexity and security risks are accelerating. Certified VMware pros bring clarity and resilience that keep teams ahead. See why CIOs are making certification a workforce strategy with VMUG. [...] https://www.bleepingcomputer.com/news/security/why-certified-vmware-pros-are-driving-the-future-of-it/ Posted from: this blog via Microsoft Power Automate .

OpenAI says GPT-6 is coming and it'll be better than GPT-5 (obviously)

OpenAI's CEO Sam Altman told reporters that GPT-6 is already in the works, and it'll not take as long as GPT-5. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-says-gpt-6-is-coming-and-itll-be-better-than-gpt-5-obviously/ Posted from: this blog via Microsoft Power Automate .

OpenAI says GPT-6 is coming and it'll be better than GPT-5 (obviously)

OpenAI's CEO Sam Altman told reporters that GPT-6 is already in the works, and it'll not take as long as GPT-5. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-says-gpt-6-is-coming-and-itll-be-better-than-gpt-5-obviously/ Posted from: this blog via Microsoft Power Automate .

Apple fixes new zero-day flaw exploited in targeted attacks

Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an "extremely sophisticated attack." [...] https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-new-actively-exploited-zero-day/ Posted from: this blog via Microsoft Power Automate .

“Rapper Bot” malware seized, alleged developer identified and charged

The U.S. Department of Justice (DoJ) announced charges against the alleged developer and administrator of the "Rapper Bot" DDoS-for-hire botnet. [...] https://www.bleepingcomputer.com/news/legal/rapper-bot-malware-seized-alleged-developer-identified-and-charged/ Posted from: this blog via Microsoft Power Automate .

Hackers steal Microsoft logins using legitimate ADFS redirects

Hackers are using a novel technique that combines legitimate office.com links with Active Directory Federation Services (ADFS) to redirect users to a phishing page that steals Microsoft 365 logins. [...] https://www.bleepingcomputer.com/news/security/hackers-steal-microsoft-logins-using-legitimate-adfs-redirects/ Posted from: this blog via Microsoft Power Automate .

Major password managers can leak logins in clickjacking attacks

Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. [...] https://www.bleepingcomputer.com/news/security/major-password-managers-can-leak-logins-in-clickjacking-attacks/ Posted from: this blog via Microsoft Power Automate .

Why email security needs its EDR moment to move beyond prevention

Email security is stuck where antivirus was a decade ago—focused only on prevention. Learn from Material Security why it's time for an "EDR for email" mindset: visibility, post-compromise controls, and SaaS-wide protection. [...] https://www.bleepingcomputer.com/news/security/why-email-security-needs-its-edr-moment-to-move-beyond-prevention/ Posted from: this blog via Microsoft Power Automate .

Okta open-sources Auth0 rules catalog for threat detection

Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs. [...] https://www.bleepingcomputer.com/news/security/okta-open-sources-auth0-rules-catalog-for-threat-detection/ Posted from: this blog via Microsoft Power Automate .

OpenAI releases $4 ChatGPT plan, but it's not available in the US for now

OpenAI has finally announced the GPT Go subscription, which costs just $4 in the US or INR 399 in India. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-releases-4-chatgpt-plan-but-its-not-available-in-the-us-for-now/ Posted from: this blog via Microsoft Power Automate .

Pharma firm Inotiv says ransomware attack impacted operations

American pharmaceutical company Inotiv has disclosed that some of its systems and data have been encrypted in a ransomware attack, impacting the company's business operations. [...] https://www.bleepingcomputer.com/news/security/pharma-firm-inotiv-says-ransomware-attack-impacted-operations/ Posted from: this blog via Microsoft Power Automate .

Microsoft: August security updates break Windows recovery, reset

Microsoft has confirmed that the August 2025 Windows security updates are breaking reset and recovery operations on systems running Windows 10 and older versions of Windows 11. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-august-security-updates-break-windows-recovery-reset/ Posted from: this blog via Microsoft Power Automate .

NY Business Council discloses data breach affecting 47,000 people

The Business Council of New York State (BCNYS) has revealed that attackers who breached its network in February stole the personal, financial, and health information of over 47,000 individuals. [...] https://www.bleepingcomputer.com/news/security/business-council-of-new-york-state-discloses-data-breach-affecting-47-000-people/ Posted from: this blog via Microsoft Power Automate .

Nebraska man gets 1 year in prison for $3.5M cryptojacking scheme

A Nebraska man was sentenced to one year in prison for defrauding cloud computing providers of over $3.5 million to mine cryptocurrency worth nearly $1 million. [...] https://www.bleepingcomputer.com/news/security/nebraska-man-gets-1-year-in-prison-for-35m-cryptojacking-scheme/ Posted from: this blog via Microsoft Power Automate .

ERMAC Android malware source code leak exposes banking trojan infrastructure

The source code for version 3 of the ERMAC Android banking trojan has been leaked online, exposing the internals of the malware-as-a-service platform and the operator's infrastructure. [...] https://www.bleepingcomputer.com/news/security/ermac-android-malware-source-code-leak-exposes-banking-trojan-infrastructure/ Posted from: this blog via Microsoft Power Automate .

UK sentences “serial hacker” of 3,000 sites to 20 months in prison

A 26-year old in the UK who claimed to have hacked thousands of websites was sentenced to 20 months in prison after pleading guilty earlier this year. [...] https://www.bleepingcomputer.com/news/legal/uk-sentences-serial-hacker-of-3-000-sites-to-20-months-in-prison/ Posted from: this blog via Microsoft Power Automate .

Mozilla warns Germany could soon declare ad blockers illegal

A recent ruling from Germany's Federal Supreme Court (BGH) has revived a legal battle over whether browser-based ad blockers infringe copyright, raising fears about a potential ban of the tools in the country. [...] https://www.bleepingcomputer.com/news/legal/mozilla-warns-germany-could-soon-declare-ad-blockers-illegal/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Recent Windows updates may fail to install via WUSA

Microsoft has mitigated a known issue that caused Windows update failures when installing them from a network share using the Windows Update Standalone Installer (WUSA). [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-windows-server-2025-updates-may-fail-from-network-shares/ Posted from: this blog via Microsoft Power Automate .

OpenAI releases warmer GPT-5 personality, but only for non thinking model

OpenAI has confirmed it has begun rolling out a new warmer personality for GPT-5, but remember that it won't be as warm as GPT-4o, which is still available for use under legacy models. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-releases-warmer-gpt-5-personality-but-only-for-non-thinking-model/ Posted from: this blog via Microsoft Power Automate .

Anthropic: Claude can now end conversations to prevent harmful uses

OpenAI rival Anthropic says Claude has been updated with a rare new feature that allows the AI model to end conversations when it feels it poses harm or is being abused. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/anthropic-claude-can-now-end-conversations-to-prevent-harmful-uses/ Posted from: this blog via Microsoft Power Automate .

OpenAI prepares Chromium-based AI browser to take on Google

OpenAI is testing an AI-powered browser that uses Chromium as its underlying engine, and it could debut on macOS first. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-prepares-chromium-based-ai-browser-to-take-on-google/ Posted from: this blog via Microsoft Power Automate .

Leak: ChatGPT cheaper plan costs $4 or £3.50, might release everywhere

OpenAI is working on a cheaper plan called ChatGPT Go, and we previously thought it would be just limited to a few regions like India, but that may not be the case. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/leak-chatgpt-cheaper-plan-costs-4-or-350-might-release-everywhere/ Posted from: this blog via Microsoft Power Automate .

Researcher to release exploit for full auth bypass on FortiWeb

A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication. [...] https://www.bleepingcomputer.com/news/security/researcher-to-release-exploit-for-full-auth-bypass-on-fortiweb/ Posted from: this blog via Microsoft Power Automate .

Colt Telecom attack claimed by WarLock ransomware, data up for sale

UK-based telecommunications company Colt Technology Services is dealing with a cyberattack that has caused a multi-day outage of some of the company's operations, including hosting and porting services, Colt Online and Voice API platforms. [...] https://www.bleepingcomputer.com/news/security/colt-telecom-attack-claimed-by-warlock-ransomware-data-up-for-sale/ Posted from: this blog via Microsoft Power Automate .

Cisco warns of max severity flaw in Firewall Management Center

Cisco is warning about a critical remote code execution (RCE) vulnerability in the RADIUS subsystem of its Secure Firewall Management Center (FMC) software. [...] https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-flaw-in-firewall-management-center/ Posted from: this blog via Microsoft Power Automate .

Plex warns users to patch security vulnerability immediately

Plex has notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability. [...] https://www.bleepingcomputer.com/news/security/plex-warns-users-to-patch-security-vulnerability-immediately/ Posted from: this blog via Microsoft Power Automate .

Crypto24 ransomware hits large orgs with custom EDR evasion tool

The Crypto24 ransomware group has been using custom utilities to evade security solutions on breached networks, exfiltrate data, and encrypt files. [...] https://www.bleepingcomputer.com/news/security/crypto24-ransomware-hits-large-orgs-with-custom-edr-evasion-tool/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes Windows Server bug causing cluster, VM issues

Microsoft has resolved a known issue that triggers Cluster service and VM restart issues after installing July's Windows Server 2019 security updates. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-bug-causing-cluster-vm-issues/ Posted from: this blog via Microsoft Power Automate .

When Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers

Ransomware and infostealers are winning on stealth, not encryption. Picus Blue Report 2025 reveals just 3% of data exfiltration attempts are stopped. Find and fix your biggest exposure gaps before they're exploited. [...] https://www.bleepingcomputer.com/news/security/when-theft-replaces-encryption-blue-report-2025-on-ransomware-and-infostealers/ Posted from: this blog via Microsoft Power Automate .

Canada’s House of Commons investigating data breach after cyberattack

The House of Commons of Canada is currently investigating a data breach after a threat actor reportedly stole employee information in a cyberattack on Friday. [...] https://www.bleepingcomputer.com/news/security/canadas-house-of-commons-investigating-data-breach-after-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Google Gemini's Deep Research is finally coming to API

Google Gemini's one of the most powerful features is Deep Research, but up until now, it has been strictly limited to the Gemini interface. This could change soon. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/google-geminis-deep-research-is-finally-coming-to-api/ Posted from: this blog via Microsoft Power Automate .

Google Gemini's Deep Research is finally coming to API

Google Gemini's one of the most powerful features is Deep Research, but up until now, it has been strictly limited to the Gemini interface. This could change soon. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/google-geminis-deep-research-is-finally-coming-to-api/ Posted from: this blog via Microsoft Power Automate .

Windows 11 24H2 updates failing again with 0x80240069 errors

The KB5063878 Windows 11 24H2 cumulative update, released earlier this week, fails to install on some systems according to widespread reports from Windows administrators. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-24h2-updates-failing-again-with-0x80240069-errors/ Posted from: this blog via Microsoft Power Automate .

New downgrade attack can bypass FIDO auth in Microsoft Entra ID

Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking. [...] https://www.bleepingcomputer.com/news/security/new-downgrade-attack-can-bypass-fido-auth-in-microsoft-entra-id/ Posted from: this blog via Microsoft Power Automate .

Pennsylvania attorney general's email, site down after cyberattack

The Office of the Pennsylvania Attorney General has announced that a recent cyberattack has taken down its systems, including landline phone lines and email accounts. [...] https://www.bleepingcomputer.com/news/security/pennsylvania-attorney-generals-email-site-down-after-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Microsoft removes PowerShell 2.0 from Windows 11, Windows Server

Microsoft will remove PowerShell 2.0 from Windows starting in August, eight years after announcing its deprecation and keeping it around as an optional feature. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-powershell-20-from-windows-11-windows-server/ Posted from: this blog via Microsoft Power Automate .

Microsoft asks users to ignore certificate enrollment errors

Microsoft has asked customers this week to disregard incorrect CertificateServicesClient (CertEnroll) errors that appear after installing the July 2025 preview update and subsequent Windows 11 24H2 updates. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-users-to-ignore-certificate-enrollment-errors/ Posted from: this blog via Microsoft Power Automate .

OpenAI adds new GPT-5 models, restores o3, o4-mini and it's a mess all over again

One of the few things many disliked about ChatGPT was the confusing number of models. OpenAI claimed GPT-5 would fix this, but it seems to have made it worse. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-adds-new-gpt-5-models-restores-o3-o4-mini-and-its-a-mess-all-over-again/ Posted from: this blog via Microsoft Power Automate .

Android's pKVM hypervisor earns SESIP Level 5 security certification

Google announced that its protected Kernel-based Virtual Machine (pKVM) for Android has achieved SESIP Level 5 certification, the highest security assurance level for IoT and mobile platforms. [...] https://www.bleepingcomputer.com/news/security/androids-pkvm-hypervisor-earns-sesip-level-5-security-certification/ Posted from: this blog via Microsoft Power Automate .

Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug

Over 3,300 Citrix NetScaler devices remain unpatched against a critical vulnerability that allows attackers to bypass authentication by hijacking user sessions, nearly two months after patches were released. [...] https://www.bleepingcomputer.com/news/security/over-3-000-netscaler-devices-left-unpatched-against-actively-exploited-citrixbleed-2-flaw/ Posted from: this blog via Microsoft Power Automate .

275M patient records breached—How to meet HIPAA password manager requirements

Healthcare led all industries in 2024 breaches—over 275M patient records exposed, mostly via weak or stolen passwords. See how the self-hosted password manager by Passwork helps providers meet HIPAA requirements, protect ePHI, and keep healthcare running. Try it free for 1 month. [...] https://www.bleepingcomputer.com/news/security/275m-patient-records-breached-how-to-meet-hipaa-password-manager-requirements/ Posted from: this blog via Microsoft Power Automate .

Windows 11 23H2 Home and Pro reach end of support in November

Microsoft announced today that systems running Home and Pro editions of Windows 11 23H2 will stop receiving updates in three months. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-23h2-home-and-pro-reach-end-of-support-in-november/ Posted from: this blog via Microsoft Power Automate .

Manpower discloses data breach affecting nearly 145,000 people

Manpower, one of the world's largest staffing companies, is notifying nearly 145,000 individuals that their information was stolen by attackers who breached the company's systems in December 2024. [...] https://www.bleepingcomputer.com/news/security/manpower-staffing-agency-discloses-data-breach-after-attack-claimed-by-ransomhub/ Posted from: this blog via Microsoft Power Automate .

Saint Paul cyberattack linked to Interlock ransomware gang

The mayor of Saint Paul, Minnesota's capital city, has confirmed that the Interlock ransomware gang is responsible for a cyberattack that disrupted many of the city's systems and services in July. [...] https://www.bleepingcomputer.com/news/security/saint-paul-cyberattack-linked-to-interlock-ransomware-gang/ Posted from: this blog via Microsoft Power Automate .

MuddyWater’s DarkBit ransomware cracked for free data recovery

Cybersecurity firm Profero cracked the encryption of the DarkBit ransomware gang's encryptors, allowing them to recover a victim's files for free without paying a ransom. [...] https://www.bleepingcomputer.com/news/security/muddywaters-darkbit-ransomware-cracked-for-free-data-recovery/ Posted from: this blog via Microsoft Power Automate .

'Chairmen' of $100 million scam operation extradited to US

The U.S. Department of Justice charged four Ghanaian nationals for their roles in a massive fraud ring linked to the theft of over $100 million in romance scams and business email compromise attacks. [...] https://www.bleepingcomputer.com/news/security/us-charges-ghanaians-linked-to-theft-of-100-million-in-romance-scams-bec-attacks/ Posted from: this blog via Microsoft Power Automate .

Over 29,000 Exchange servers unpatched against high-severity flaw

Over 29,000 Exchange servers exposed online remain unpatched against a high-severity vulnerability that can let attackers move laterally in Microsoft cloud environments, potentially leading to complete domain compromise. [...] https://www.bleepingcomputer.com/news/security/over-29-000-exchange-servers-unpatched-against-high-severity-flaw/ Posted from: this blog via Microsoft Power Automate .

Connex Credit Union data breach impacts 172,000 members

Connex, one of Connecticut's largest credit unions, warned tens of thousands of members that unknown attackers had stolen their personal and financial information after breaching its systems in early June. [...] https://www.bleepingcomputer.com/news/security/connex-credit-union-discloses-data-breach-impacting-172-000-people/ Posted from: this blog via Microsoft Power Automate .

Google Calendar invites let researchers hijack Gemini to leak user data

Google fixed a bug that allowed maliciously crafted Google Calendar invites to remotely take over Gemini agents running on the target's device and leak sensitive user data. [...] https://www.bleepingcomputer.com/news/security/google-calendar-invites-let-researchers-hijack-gemini-to-leak-user-data/ Posted from: this blog via Microsoft Power Automate .

60 malicious Ruby gems downloaded 275,000 times steal credentials

Sixty malicious Ruby gems containing credential-stealing code have been downloaded over 275,000 times since March 2023, targeting developer accounts. [...] https://www.bleepingcomputer.com/news/security/60-malicious-ruby-gems-downloaded-275-000-times-steal-credentials/ Posted from: this blog via Microsoft Power Automate .

OpenAI to fix GPT-5 issues, double rate limits for paid users after outrage

OpenAI's CEO, Sam Altman, overpromised on GPT-5, and real-life results are underwhelming, but it looks like a new update is rolling out that might address some of the concerns. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-to-fix-gpt-5-issues-double-rate-limits-for-paid-users-after-outrage/ Posted from: this blog via Microsoft Power Automate .

WinRAR zero-day flaw exploited by RomCom hackers in phishing attacks

A recently fixed WinRAR vulnerability tracked as CVE-2025-8088 was exploited as a zero-day in phishing attacks to install the RomCom malware. [...] https://www.bleepingcomputer.com/news/security/winrar-zero-day-flaw-exploited-by-romcom-hackers-in-phishing-attacks/ Posted from: this blog via Microsoft Power Automate .

FTC: older adults lost record $700 million to scammers in 2024

Americans aged 60 and older lost a staggering $700 million to online scams in 2024, marking a sharp rise in fraud targeting seniors, according to the Federal Trade Commission. [...] https://www.bleepingcomputer.com/news/security/ftc-older-adults-lost-record-700-million-to-scammers-in-2024/ Posted from: this blog via Microsoft Power Automate .

U.S. Judiciary confirms breach of court electronic records service

The U.S. Federal Judiciary confirms that it suffered a cyberattack on its electronic case management systems hosting confidential court documents and is strengthening cybersecurity measures. [...] https://www.bleepingcomputer.com/news/security/us-judiciary-confirms-breach-of-court-electronic-records-service/ Posted from: this blog via Microsoft Power Automate .

Microsoft 365 apps to soon block file access via FPRPC by default

Microsoft has announced that the Microsoft 365 apps for Windows will start blocking access to files via the insecure FPRPC legacy authentication protocol by default starting late August. [...] https://www.bleepingcomputer.com/news/security/microsoft-365-apps-to-soon-block-file-access-via-insecure-fprpc-legacy-auth-protocol-by-default/ Posted from: this blog via Microsoft Power Automate .

Microsoft will kill the Lens PDF scanner app for iOS, Android

Microsoft announced that it will phase out the Microsoft Lens PDF scanner app for Android and iOS devices starting September 15, 2025. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-will-kill-the-microsoft-lens-pdf-scanner-app-for-ios-android-in-september/ Posted from: this blog via Microsoft Power Automate .

New EDR killer tool used by eight different ransomware groups

A new Endpoint Detection and Response (EDR) killer that is considered to be the evolution of 'EDRKillShifter,' developed by RansomHub, has been observed in attacks by eight different ransomware gangs. [...] https://www.bleepingcomputer.com/news/security/new-edr-killer-tool-used-by-eight-different-ransomware-groups/ Posted from: this blog via Microsoft Power Automate .

Bouygues Telecom confirms data breach impacting 6.4 million customers

Bouygues Telecom warns it suffered a data breach after the personal information of 6.4 million customers was exposed in a cyberattack. [...] https://www.bleepingcomputer.com/news/security/bouygues-telecom-confirms-data-breach-impacting-64-million-customers/ Posted from: this blog via Microsoft Power Automate .

Wave of 150 crypto-draining extensions hits Firefox add-on store

A malicious campaign dubbed 'GreedyBear' has snuck onto the Mozilla add-ons store, targeting Firefox users with 150 malicious extensions and stealing an estimated $1,000,000 from unsuspecting victims. [...] https://www.bleepingcomputer.com/news/security/wave-of-150-crypto-draining-extensions-hits-firefox-add-on-store/ Posted from: this blog via Microsoft Power Automate .

Cryptomixer founders pled guilty to laundering money for cybercriminals

The founders of the Samourai Wallet (Samourai) cryptocurrency mixer have pleaded guilty to laundering over $200 million for criminals. [...] https://www.bleepingcomputer.com/news/security/samourai-cryptomixer-founders-pled-guilty-to-laundering-money-for-cybercriminals/ Posted from: this blog via Microsoft Power Automate .

Massive IPTV piracy service with 28,000 channels taken offline

The Alliance for Creativity and Entertainment (ACE) announced the shutdown of Rare Breed TV, a major illegal IPTV service provider, after reaching a financial settlement with its operators. [...] https://www.bleepingcomputer.com/news/technology/massive-illegal-iptv-service-provider-rare-breed-tv-taken-offline/ Posted from: this blog via Microsoft Power Automate .

MFA matters… But it isn’t enough on its own

MFA blocks 99% of attacks—but weak passwords still let attackers in. Specops helps you enforce strong password policies and MFA everywhere, so one layer doesn't undo the other. Book your free trial today. [...] https://www.bleepingcomputer.com/news/security/mfa-matters-but-it-isnt-enough-on-its-own/ Posted from: this blog via Microsoft Power Automate .

National Bank of Canada online systems down due to 'technical issue'

National Bank of Canada (Banque Nationale du Canada), the sixth largest commercial bank of Canada is currently experiencing a widespread service outage affecting its online banking and mobile app platforms. [...] https://www.bleepingcomputer.com/news/technology/national-bank-of-canada-online-systems-down-due-to-technical-issue/ Posted from: this blog via Microsoft Power Automate .

ReVault flaws let hackers bypass Windows login on Dell laptops

ControlVault3 firmware vulnerabilities impacting over 100 Dell laptop models can allow attackers to bypass Windows login and install malware that persists across system reinstalls. [...] https://www.bleepingcomputer.com/news/security/revault-flaws-let-hackers-bypass-windows-login-on-dell-laptops/ Posted from: this blog via Microsoft Power Automate .

WhatsApp adds new security feature to protect against scams

WhatsApp is introducing a new security feature that will help users spot potential scams when they are being added to a group chat by someone not in their contact list. [...] https://www.bleepingcomputer.com/news/security/whatsapp-adds-new-security-feature-to-protect-against-scams/ Posted from: this blog via Microsoft Power Automate .

Trend Micro warns of Apex One zero-day exploited in attacks

Trend Micro has warned customers to immediately secure their systems against an actively exploited remote code execution vulnerability in its Apex One endpoint security platform. [...] https://www.bleepingcomputer.com/news/security/trend-micro-warns-of-endpoint-protection-zero-day-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft pays record $17 million in bounties over the last 12 months

​Microsoft paid a record $17 million this year to 344 security researchers across 59 countries through its bug bounty program. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-pays-record-17-million-in-bounties-over-the-last-12-months/ Posted from: this blog via Microsoft Power Automate .

Adobe issues emergency fixes for AEM Forms zero-days after PoCs released

Adobe released emergency updates for two zero-day flaws in Adobe Experience Manager (AEM) Forms on JEE after a PoC exploit chain was disclosed that can be used for unauthenticated, remote code execution on vulnerable instances. [...] https://www.bleepingcomputer.com/news/security/adobe-issues-emergency-fixes-for-aem-forms-zero-days-after-pocs-released/ Posted from: this blog via Microsoft Power Automate .

The Heat Wasn't Just Outside: Cyber Attacks Spiked in Summer 2025

Can your defenses withstand the biggest attacks of Summer 2025? From Interlock's FileFix to Qilin, Scattered Spider, and ToolShell exploits—simulate them all against your organization's defenses with Picus Security Validation Platform to find gaps before attackers do. [...] https://www.bleepingcomputer.com/news/security/the-heat-wasnt-just-outside-cyber-attacks-spiked-in-summer-2025/ Posted from: this blog via Microsoft Power Automate .

Cisco discloses data breach impacting Cisco.com user accounts

Cisco has disclosed that cybercriminals stole the basic profile information of users registered on Cisco.com following a voice phishing (vishing) attack targeting a company representative. [...] https://www.bleepingcomputer.com/news/security/cisco-discloses-data-breach-impacting-ciscocom-user-accounts/ Posted from: this blog via Microsoft Power Automate .

SonicWall urges admins to disable SSLVPN amid rising attacks

SonicWall has warned customers to disable SSLVPN services due to ransomware gangs potentially exploiting an unknown security vulnerability in SonicWall Gen 7 firewalls to breach networks over the past few weeks. [...] https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-disable-sslvpn-amid-rising-attacks/ Posted from: this blog via Microsoft Power Automate .

Android gets patches for Qualcomm flaws exploited in attacks

Google has released security patches for six vulnerabilities in Android's August 2025 security update, including two Qualcomm flaws exploited in targeted attacks. [...] https://www.bleepingcomputer.com/news/security/android-gets-patches-for-qualcomm-flaws-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft increases Zero Day Quest prize pool to $5 million

Microsoft will offer up to $5 million in bounty awards at this year's Zero Day Quest hacking contest, which the company describes as the "largest hacking event in history." [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-5-million-prize-pool-for-zero-day-quest-hacking-contest/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Outdated Office apps lose access to voice features in January

Microsoft announced that the transcription, dictation, and read aloud features will stop working in older versions of Office 365 applications in late January 2026. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-outdated-office-apps-lose-access-to-voice-features-in-january/ Posted from: this blog via Microsoft Power Automate .

CTM360 spots Malicious ‘ClickTok’ Campaign Targeting TikTok Shop users

The ClickTok campaign lures victims with fake TikTok shops and drains their crypto wallets. CTM360 exposes how SparkKitty spyware spreads via trojanized apps, phishing pages, and AI-powered scams. [...] https://www.bleepingcomputer.com/news/security/ctm360-spots-malicious-clicktok-campaign-targeting-tiktok-shop-users/ Posted from: this blog via Microsoft Power Automate .

New Plague Linux malware stealthily maintains SSH access

A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems. [...] https://www.bleepingcomputer.com/news/security/new-plague-malware-backdoors-linux-devices-removes-ssh-session-traces/ Posted from: this blog via Microsoft Power Automate .

Ransomware gangs join attacks targeting Microsoft SharePoint servers

Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide. [...] https://www.bleepingcomputer.com/news/security/ransomware-gangs-join-attacks-targeting-microsoft-sharepoint-servers/ Posted from: this blog via Microsoft Power Automate .

Mozilla warns of phishing attacks targeting add-on developers

Mozilla has warned browser extension developers of an active phishing campaign targeting accounts on its official AMO (addons.mozilla.org) repository. [...] https://www.bleepingcomputer.com/news/security/mozilla-warns-of-phishing-attacks-targeting-add-on-developers/ Posted from: this blog via Microsoft Power Automate .

Attackers exploit link-wrapping services to steal Microsoft 365 logins

A threat actor has been abusing link wrapping services from reputed technology companies to mask malicious links leading to Microsoft 365 phishing pages that collect login credentials. [...] https://www.bleepingcomputer.com/news/security/attackers-exploit-link-wrapping-services-to-steal-microsoft-365-logins/ Posted from: this blog via Microsoft Power Automate .

OpenAI prepares new open weight models along with GPT-5

OpenAI isn't just working on GPT-5. It looks like OpenAI is also preparing to release new open-source weights, living up to its name, OpenAI.' [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-prepares-new-open-weight-models-along-with-gpt-5/ Posted from: this blog via Microsoft Power Automate .

Anthropic says OpenAI engineers using Claude Code ahead of GPT-5 launch

Anthropic says it has revoked OpenAI's access to the Claude API after ChatGPT's engineers were found using Claude's coding tools. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/anthropic-says-openai-engineers-using-claude-code-ahead-of-gpt-5-launch/ Posted from: this blog via Microsoft Power Automate .

OpenAI may be testing a cheaper paid plan for ChatGPT

OpenAI is reportedly working on a new plan called 'Go,' which would be cheaper than the existing $20 Plus subscription. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-may-be-testing-a-cheaper-paid-plan-for-chatgpt/ Posted from: this blog via Microsoft Power Automate .

SonicWall firewall devices hit in surge of Akira ransomware attacks

SonicWall firewall devices have been increasingly targeted since late July in a surge of Akira ransomware attacks, potentially exploiting a previously unknown security vulnerability, according to cybersecurity company Arctic Wolf. [...] https://www.bleepingcomputer.com/news/security/surge-of-akira-ransomware-attacks-hits-sonicwall-firewall-devices/ Posted from: this blog via Microsoft Power Automate .

Pi-hole discloses data breach via GiveWp WordPress plugin flaw

Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin. [...] https://www.bleepingcomputer.com/news/security/pi-hole-discloses-data-breach-via-givewp-wordpress-plugin-flaw/ Posted from: this blog via Microsoft Power Automate .

AI-powered Cursor IDE vulnerable to prompt-injection attacks

A vulnerability that researchers call CurXecute is present in almost all versions of the AI-powered code editor Cursor, and can be exploited to execute remote code with developer privileges. [...] https://www.bleepingcomputer.com/news/security/ai-powered-cursor-ide-vulnerable-to-prompt-injection-attacks/ Posted from: this blog via Microsoft Power Automate .