Posts

Showing posts from September, 2025

Imgur blocks UK users after data watchdog signals possible fine

People in the United Kingdom are no longer able to access content hosted on the Imgur, a popular media sharing site, after a UK data watchdog warned it may impose a monetary penalty on the parent company, MediaLab. [...] https://www.bleepingcomputer.com/news/technology/imgur-blocks-uk-users-after-data-watchdog-signals-possible-fine/ Posted from: this blog via Microsoft Power Automate .

Sendit sued by the FTC for illegal collection of children data

The Federal Trade Commission (FTC) is suing Sendit's operating company and its CEO for unlawful collection of data from underage users, as well as deceptive subscription practices. [...] https://www.bleepingcomputer.com/news/legal/sendit-sued-by-the-ftc-for-illegal-collection-of-children-data/ Posted from: this blog via Microsoft Power Automate .

New MatrixPDF toolkit turns PDFs into phishing and malware lures

A new phishing and malware distribution toolkit called MatrixPDF allows attackers to convert ordinary PDF files into interactive lures that bypass email security and redirect victims to credential theft or malware downloads. [...] https://www.bleepingcomputer.com/news/security/new-matrixpdf-toolkit-turns-pdfs-into-phishing-and-malware-lures/ Posted from: this blog via Microsoft Power Automate .

WestJet confirms recent breach exposed customers' passports

Canadian airline WestJet is informing customers that the cyberattack disclosed in June compromised their sensitive information, including passports and ID documents. [...] https://www.bleepingcomputer.com/news/security/westjet-confirms-recent-breach-exposed-customers-passports/ Posted from: this blog via Microsoft Power Automate .

Windows 11 2025 Update (25H2) is now available, Here's what's new

Today, Microsoft announced the release of Windows 11 25H2, also known as Windows 11 2025 Update. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-2025-update-25h2-is-now-available-heres-whats-new/ Posted from: this blog via Microsoft Power Automate .

VMware Certification Is Surging in a Shifting IT Landscape

VMware certification is surging as IT teams face hybrid infra, cloud complexity, & rising risks. See how VMUG Advantage helps practitioners & enterprises turn certification into stronger security & measurable value. [...] https://www.bleepingcomputer.com/news/security/vmware-certification-is-surging-in-a-shifting-it-landscape/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5065789 update released with 41 changes and fixes

​​Microsoft has released the KB5065789 preview cumulative update for Windows 11 24H2, which includes 41 improvements, including new AI actions in File Explorer and bug fixes for Windows Update and Windows Sandbox. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5065789-update-released-with-41-changes-and-fixes/ Posted from: this blog via Microsoft Power Automate .

Broadcom fixes high-severity VMware NSX bugs reported by NSA

Broadcom has released security updates to patch two high-severity VMware NSX vulnerabilities reported by the U.S. National Security Agency (NSA). [...] https://www.bleepingcomputer.com/news/security/broadcom-fixes-high-severity-vmware-nsx-bugs-reported-by-nsa/ Posted from: this blog via Microsoft Power Automate .

UK convicts "Bitcoin Queen" in world’s largest cryptocurrency seizure

The Metropolitan Police has secured a conviction in what is believed to be the world's largest cryptocurrency seizure, valued at more than £5.5 billion ($7.3 billion). [...] https://www.bleepingcomputer.com/news/security/uk-convicts-bitcoin-queen-in-worlds-largest-cryptocurrency-seizure/ Posted from: this blog via Microsoft Power Automate .

Japan's largest brewer suspends operations due to cyberattack

Asahi Group Holdings, Ltd (Asahi), the brewer of Japan's top-selling beer, has disclosed a cyberattack that disrupted several of its operations. [...] https://www.bleepingcomputer.com/news/security/japans-largest-brewer-suspends-operations-due-to-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Ransomware gang sought BBC reporter’s help in hacking media giant

Threat actors claiming to represent the Medusa ransomware gang tempted a BBC correspondent to become an insider threat by offering a significant amount of money. [...] https://www.bleepingcomputer.com/news/security/ransomware-gang-sought-bbc-reporters-help-in-hacking-media-giant/ Posted from: this blog via Microsoft Power Automate .

Harrods suffers new data breach exposing 430,000 customer records

UK retail giant Harrods has disclosed a new cybersecurity incident after hackers compromised a third-party supplier and stole 430,000 records with sensitive e-commerce customer information. [...] https://www.bleepingcomputer.com/news/security/harrods-suffers-new-data-breach-exposing-430-000-customer-records/ Posted from: this blog via Microsoft Power Automate .

ChatGPT tests free trial for paid plans, rolls out cheaper Go in more regions

OpenAI is offering some users a free trial for ChatGPT Plus, which costs $20. In addition, $4 GPT Go is now available in Indonesia. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-tests-free-trial-for-paid-plans-rolls-out-cheaper-go-in-more-regions/ Posted from: this blog via Microsoft Power Automate .

OpenAI is routing GPT-4o to safety models when it detects harmful activities

Over the weekend, some people noticed that GPT-4o is routing requests to an unknown model out of nowhere. Turns out it's a "safety" feature. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-is-routing-gpt-4o-to-safety-models-when-it-detects-harmful-activities/ Posted from: this blog via Microsoft Power Automate .

Akira ransomware breaching MFA-protected SonicWall VPN accounts

Ongoing Akira ransomware attacks targeting SonicWall SSL VPN devices continue to evolve, with the threat actors found to be successfully authenticating despite OTP MFA being enabled on accounts. [...] https://www.bleepingcomputer.com/news/security/akira-ransomware-breaching-mfa-protected-sonicwall-vpn-accounts/ Posted from: this blog via Microsoft Power Automate .

EU probes SAP over anti-competitive ERP support practices

The European Comission is investigating potential anti-competitive practices in aftermarket services SAP provides for its on-premise ERP software. [...] https://www.bleepingcomputer.com/news/legal/eu-probes-sap-over-anti-competitive-erp-support-practices/ Posted from: this blog via Microsoft Power Automate .

Fake Microsoft Teams installers push Oyster malware via malvertising

Hackers have been spotted using SEO poisoning and search engine advertisements to promote fake Microsoft Teams installers that infect Windows devices with the Oyster backdoor, providing initial access to corporate networks. [...] https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-installers-push-oyster-malware-via-malvertising/ Posted from: this blog via Microsoft Power Automate .

Microsoft’s new AI feature will organize your photos automatically

Microsoft has begun testing a new AI-powered feature in Microsoft Photos, designed to categorize photos automatically on Windows 11 systems. [...] https://www.bleepingcomputer.com/news/microsoft/microsofts-new-ai-feature-will-organize-your-photos-automatically/ Posted from: this blog via Microsoft Power Automate .

Maximum severity GoAnywhere MFT flaw exploited as zero day

Hackers are actively exploiting a maximum severity vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT that allows injecting commands remotely without authentication. [...] https://www.bleepingcomputer.com/news/security/maximum-severity-goanywhere-mft-flaw-exploited-as-zero-day/ Posted from: this blog via Microsoft Power Automate .

Microsoft releases the final Windows 10 22H2 preview update

Microsoft has released the final non-security preview update for Windows 10, version 22H2, which includes fixes for the out-of-box experience and SMBv1 protocol connectivity. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-the-final-windows-10-22h2-preview-update/ Posted from: this blog via Microsoft Power Automate .

Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs

Microsoft Threat Intelligence reports that a new variant of the XCSSET macOS malware has been detected in limited attacks, incorporating several new features, including enhanced browser targeting, clipboard hijacking, and improved persistence mechanisms. [...] https://www.bleepingcomputer.com/news/security/microsoft-warns-of-new-xcsset-macos-malware-variant-targeting-xcode-devs/ Posted from: this blog via Microsoft Power Automate .

Unofficial Postmark MCP npm silently stole users' emails

A npm package copying the official 'postmark-mcp' project on GitHub turned bad with the latest update that added a single line of code to exfiltrate all its users' email communication. [...] https://www.bleepingcomputer.com/news/security/unofficial-postmark-mcp-npm-silently-stole-users-emails/ Posted from: this blog via Microsoft Power Automate .

Co-op says it lost $107 million after Scattered Spider attack

The Co-operative Group in the U.K. released its interim financial results report for the first half of 2025 with a massive loss in operating profit of £80 million ($107 million) due to the cyberattack it suffered last April. [...] https://www.bleepingcomputer.com/news/security/co-op-says-it-lost-107-million-after-scattered-spider-attack/ Posted from: this blog via Microsoft Power Automate .

Malicious Rust packages on Crates.io steal crypto wallet keys

Two malicious packages with nearly 8,500 downloads in Rust's official crate repository scanned developers' systems to steal cryptocurrency private keys and other secrets. [...] https://www.bleepingcomputer.com/news/security/malicious-rust-packages-on-cratesio-steal-crypto-wallet-keys/ Posted from: this blog via Microsoft Power Automate .

How secure are passkeys, really? Here's what you need to know

Passwords are weak links—88% of breaches involve stolen creds. Learn more from Specops Software about how passkeys deliver phishing resistance, simpler logins & lower support costs (with some hurdles to adoption). [...] https://www.bleepingcomputer.com/news/security/how-secure-are-passkeys-really-heres-what-you-need-to-know/ Posted from: this blog via Microsoft Power Automate .

Microsoft will offer free Windows 10 security updates in Europe

Microsoft will offer free extended security updates for Windows 10 users in the European Economic Area (EEA), which includes Iceland, Liechtenstein, Norway, and all 27 European Union member states. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-will-offer-free-windows-10-security-updates-in-europe/ Posted from: this blog via Microsoft Power Automate .

New Supermicro BMC flaws can create persistent backdoors

Two vulnerabilities affecting the firmware of Supermicro hardware, including Baseboard Management Controller (BMC) allow attackers to update systems with maliciously crafted images. [...] https://www.bleepingcomputer.com/news/security/new-supermicro-bmc-flaws-can-create-persistent-backdoors/ Posted from: this blog via Microsoft Power Automate .

Kali Linux 2025.3 released with 10 new tools, wifi enhancements

Kali Linux has released version 2025.3, the third version of 2025, featuring ten new tools, Nexmon support, and NetHunter improvements. [...] https://www.bleepingcomputer.com/news/security/kali-linux-20253-released-with-10-new-tools-wifi-enhancements/ Posted from: this blog via Microsoft Power Automate .

UK arrests suspect for RTX ransomware attack causing airport disruptions

The UK's National Crime Agency has arrested a suspect linked to a ransomware attack that is causing widespread disruptions across European airports. [...] https://www.bleepingcomputer.com/news/security/uk-arrests-suspect-for-rtx-ransomware-attack-causing-airport-disruptions/ Posted from: this blog via Microsoft Power Automate .

PyPI urges users to reset credentials after new phishing attacks

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. [...] https://www.bleepingcomputer.com/news/security/pypi-urges-users-to-reset-credentials-after-new-phishing-attacks/ Posted from: this blog via Microsoft Power Automate .

GitHub notifications abused to impersonate Y Combinator for crypto theft

A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026 program. [...] https://www.bleepingcomputer.com/news/security/github-notifications-abused-to-impersonate-y-combinator-for-crypto-theft/ Posted from: this blog via Microsoft Power Automate .

Boyd Gaming discloses data breach after suffering a cyberattack

US gaming and casino operator Boyd Gaming Corporation disclosed it suffered a breach after threat actors gained access to its systems and stole data, including employee information and data belonging to a limited number of other individuals. [...] https://www.bleepingcomputer.com/news/security/boyd-gaming-discloses-data-breach-after-suffering-a-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Libraesva ESG issues emergency fix for bug exploited by state hackers

Libraesva rolled out an emergency update for its Email Security Gateway solution to fix a vulnerability exploited by threat actors believed to be state sponsored. [...] https://www.bleepingcomputer.com/news/security/libraesva-esg-issues-emergency-fix-for-bug-exploited-by-state-hackers/ Posted from: this blog via Microsoft Power Automate .

WhatsApp adds message translation to iPhone and Android apps

WhatsApp has started rolling out a new translation feature that enables Android and iPhone users to translate messages in chats, groups, and channel updates. [...] https://www.bleepingcomputer.com/news/security/whatsapp-adds-message-translation-to-iphone-and-android-apps/ Posted from: this blog via Microsoft Power Automate .

SonicWall releases SMA100 firmware update to wipe rootkit malware

SonicWall has released a firmware update that can help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices. [...] https://www.bleepingcomputer.com/news/security/sonicwall-releases-sma100-firmware-update-to-wipe-rootkit-malware/ Posted from: this blog via Microsoft Power Automate .

GitHub tightens npm security with mandatory 2FA, access tokens

GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently. [...] https://www.bleepingcomputer.com/news/security/github-tightens-npm-security-with-mandatory-2fa-access-tokens/ Posted from: this blog via Microsoft Power Automate .

NPM package caught using QR Code to fetch cookie-stealing malware

Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this innovative steganographic technique to harvest sensitive data, such as user credentials, from a compromised machine. [...] https://www.bleepingcomputer.com/news/security/npm-package-caught-using-qr-code-to-fetch-cookie-stealing-malware/ Posted from: this blog via Microsoft Power Automate .

Airport disruptions in Europe caused by a ransomware attack

The disruptions over the weekend at several major European airports were caused by a ransomware attack targeting the check-in and boarding systems. [...] https://www.bleepingcomputer.com/news/security/airport-disruptions-in-europe-caused-by-a-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

American Archive of Public Broadcasting fixes bug exposing restricted media

​A vulnerability in the American Archive of Public Broadcasting's website allowed downloading of protected and private media for years, with the flaw quietly patched this month. [...] https://www.bleepingcomputer.com/news/security/american-archive-of-public-broadcasting-fixes-bug-exposing-restricted-media/ Posted from: this blog via Microsoft Power Automate .

Automaker giant Stellantis confirms data breach after Salesforce hack

Automotive manufacturing giant Stellantis has confirmed that attackers stole some of its North American customers' data after gaining access to a third-party service provider's platform. [...] https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ Posted from: this blog via Microsoft Power Automate .

New EDR-Freeze tool uses Windows WER to suspend security software

A new method and proof-of-concept tool called EDR-Freeze demonstrates that evading security solutions is possible from user mode with Microsoft's Windows Error Reporting (WER) system. [...] https://www.bleepingcomputer.com/news/security/new-edr-freeze-tool-uses-windows-wer-to-suspend-security-software/ Posted from: this blog via Microsoft Power Automate .

Mozilla now lets Firefox add-on devs roll back bad updates

Mozilla has announced a new feature that enables Firefox extension developers to roll back to previously approved versions, allowing them to quickly address critical bugs and issues. [...] https://www.bleepingcomputer.com/news/software/mozilla-now-lets-firefox-add-on-devs-roll-back-bad-updates/ Posted from: this blog via Microsoft Power Automate .

LastPass: Fake password managers infect Mac users with malware

LastPass is warning users of a campaign that targets macOS users with malicious software impersonating popular products delivered through fraudulent GitHub repositories. [...] https://www.bleepingcomputer.com/news/security/lastpass-fake-password-managers-infect-mac-users-with-malware/ Posted from: this blog via Microsoft Power Automate .

Microsoft says recent updates cause DRM video playback issues

Microsoft has confirmed a known issue that prevents some apps from playing Digital Rights Management (DRM) protected video content or displaying and recording live TV. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-says-recent-updates-cause-drm-video-playback-issues/ Posted from: this blog via Microsoft Power Automate .

Verified Steam game steals streamer's cancer treatment donations

A gamer seeking financial support for cancer treatment lost $32,000 after downloading from Steam a verified game named Block Blasters that drained his cryptocurrency wallet. [...] https://www.bleepingcomputer.com/news/security/verified-steam-game-steals-streamers-cancer-treatment-donations/ Posted from: this blog via Microsoft Power Automate .

Microsoft Entra ID flaw allowed hijacking any company's tenant

A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. [...] https://www.bleepingcomputer.com/news/security/microsoft-entra-id-flaw-allowed-hijacking-any-companys-tenant/ Posted from: this blog via Microsoft Power Automate .

Canada dismantles TradeOgre exchange, seizes $40 million in crypto

The Royal Canadian Mounted Police has shut down the TradeOgre cryptocurrency exchange and seized more than $40 million believed to originate from criminal activities. [...] https://www.bleepingcomputer.com/news/security/canada-dismantles-tradeogre-exchange-seizes-40-million-in-crypto/ Posted from: this blog via Microsoft Power Automate .

Known. Emerging. Unstoppable? Ransomware Attacks Still Evade Defenses

Ransomware remains one of the most destructive threats—because defenses keep failing. Picus Blue Report 2025 shows prevention dropped to 62%, while data exfiltration prevention collapsed to just 3%. [...] https://www.bleepingcomputer.com/news/security/known-emerging-unstoppable-ransomware-attacks-still-evade-defenses/ Posted from: this blog via Microsoft Power Automate .

Steam will stop running on Windows 32-bit in January 2026

Valve has announced that its Steam digital distribution service will drop support for 32-bit versions of Windows starting January 2026. [...] https://www.bleepingcomputer.com/news/software/steam-will-stop-running-on-windows-32-bit-in-january-2026/ Posted from: this blog via Microsoft Power Automate .

ChatGPT Search is now smarter as OpenAI takes on Google Search

OpenAI has rolled out a big update to ChatGPT Search, which is an AI-powered search feature, similar to Google AI Mode. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-search-is-now-smarter-as-openai-takes-on-google-search/ Posted from: this blog via Microsoft Power Automate .

ChatGPT now gives you greater control over GPT-5 Thinking model

OpenAI is finally rolling out a toggle that allows you to decide how hard the GPT-5-thinking model can think. This feature is rolling out to Plus and Pro subscribers. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-now-gives-you-greater-control-over-gpt-5-thinking-model/ Posted from: this blog via Microsoft Power Automate .

Target-rich environment: Why Microsoft 365 has become the biggest risk

Microsoft 365's dominance and tight integration makes it a massive target in today's cyber landscape. Its tight integration expands the attack surface and amplifies risk. Learn from Acronis TRU why backup blind spots & lateral movement risks demand stronger defenses. [...] https://www.bleepingcomputer.com/news/security/target-rich-environment-why-microsoft-365-has-become-the-biggest-risk/ Posted from: this blog via Microsoft Power Automate .

Notepad gets free AI features on Copilot+ PCs with Windows 11

Microsoft is adding free AI-powered text writing capabilities to Notepad for customers with Copilot+ PCs running Windows 11. [...] https://www.bleepingcomputer.com/news/microsoft/notepad-gets-free-ai-features-on-copilot-plus-pcs-with-windows-11/ Posted from: this blog via Microsoft Power Automate .

PyPI invalidates tokens stolen in GhostAction supply chain attack

The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish malware. [...] https://www.bleepingcomputer.com/news/security/pypi-invalidates-tokens-stolen-in-ghostaction-supply-chain-attack/ Posted from: this blog via Microsoft Power Automate .

WatchGuard warns of critical vulnerability in Firebox firewalls

WatchGuard has released security updates to address a remote code execution vulnerability impacting the company's Firebox firewalls. [...] https://www.bleepingcomputer.com/news/security/watchguard-warns-of-critical-vulnerability-in-firebox-firewalls/ Posted from: this blog via Microsoft Power Automate .

Google patches sixth Chrome zero-day exploited in attacks this year

Google has released emergency security updates to patch a Chrome zero-day vulnerability, the sixth one tagged as exploited in attacks since the start of the year. [...] https://www.bleepingcomputer.com/news/security/google-patches-sixth-chrome-zero-day-exploited-in-attacks-this-year/ Posted from: this blog via Microsoft Power Automate .

ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks

The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens. [...] https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/ Posted from: this blog via Microsoft Power Automate .

VC giant Insight Partners warns thousands after ransomware breach

New York-based venture capital and private equity firm Insight Partners is notifying thousands of individuals whose personal information was stolen in a ransomware attack. [...] https://www.bleepingcomputer.com/news/security/vc-giant-insight-partners-warns-thousands-after-ransomware-breach/ Posted from: this blog via Microsoft Power Automate .

SonicWall warns customers to reset credentials after breach

SonicWall warned customers today to reset credentials after their firewall configuration backup files were exposed in a security breach that impacted MySonicWall accounts. [...] https://www.bleepingcomputer.com/news/security/sonicwall-warns-customers-to-reset-credentials-after-MySonicWall-breach/ Posted from: this blog via Microsoft Power Automate .

From ClickFix to MetaStealer: Dissecting Evolving Threat Actor Techniques

ClickFix isn't just back—it's mutating. New variants use fake CAPTCHAs, File Explorer tricks & MSI lures to drop MetaStealer. Stay ahead with Huntress' Tradecraft Tuesday threat briefings. [...] https://www.bleepingcomputer.com/news/security/from-clickfix-to-metastealer-dissecting-evolving-threat-actor-techniques/ Posted from: this blog via Microsoft Power Automate .

Microsoft and Cloudflare disrupt massive RaccoonO365 phishing service

Microsoft and Cloudflare have disrupted a massive Phishing-as-a-Service (PhaaS) operation, known as RaccoonO365, that helped cybercriminals steal thousands of Microsoft 365 credentials. [...] https://www.bleepingcomputer.com/news/security/microsoft-and-cloudflare-disrupt-massive-raccoono365-phishing-service/ Posted from: this blog via Microsoft Power Automate .

BreachForums hacking forum admin resentenced to three years in prison

Conor Brian Fitzpatrick, the 22-year-old behind the notorious BreachForums hacking forum, was resentenced today to three years in prison after a federal appeals court overturned his prior sentence of time served and 20 years of supervised release. [...] https://www.bleepingcomputer.com/news/security/breachforums-hacking-forum-admin-resentenced-to-three-years-in-prison/ Posted from: this blog via Microsoft Power Automate .

Team-Wide VMware Certification: Your Secret Weapon for Security

One VMware-certified pro is a win. An entire certified team? That's a security multiplier. VMUG Advantage makes team-wide certification practical—building collaboration, resilience, and retention. [...] https://www.bleepingcomputer.com/news/security/team-wide-vmware-certification-your-secret-weapon-for-security/ Posted from: this blog via Microsoft Power Automate .

Jaguar Land Rover extends shutdown after cyberattack by another week

Jaguar Land Rover (JLR) announced today that it will extend the production shutdown for another week, following a devastating cyberattack that impacted its systems at the end of August. [...] https://www.bleepingcomputer.com/news/security/jaguar-land-rover-extends-shutdown-after-cyberattack-by-another-week/ Posted from: this blog via Microsoft Power Automate .

Webinar: Your browser is the breach — securing the modern web edge

The web browser has quietly become one of the most critical components of enterprise infrastructure—and one of the most dangerous. Join BleepingComputer, SC Media, and Push Security on September 29 at 12:00 PM ET for a live webinar on how attackers are targeting the browser to hijack sessions, steal data, and bypass security. [...] https://www.bleepingcomputer.com/news/security/webinar-your-browser-is-the-breach-securing-the-modern-web-edge/ Posted from: this blog via Microsoft Power Automate .

OpenAI's new GPT-5 Codex model takes on Claude Code

OpenAI is rolling out the GPT-5 Codex model to all Codex instances, including Terminal, IDE extension, and Codex Web (codex.chatgpt.com). [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openais-new-gpt-5-codex-model-takes-on-claude-code/ Posted from: this blog via Microsoft Power Automate .

OpenAI's new GPT-5 Codex model takes on Claude Code

OpenAI is rolling out the GPT-5 Codex model to all Codex instances, including Terminal, IDE extension, and Codex Web (codex.chatgpt.com). [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openais-new-gpt-5-codex-model-takes-on-claude-code/ Posted from: this blog via Microsoft Power Automate .

Google confirms hackers gained access to law enforcement portal

Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses to submit official data requests to the company [...] https://www.bleepingcomputer.com/news/security/google-confirms-hackers-gained-access-to-law-enforcement-portal/ Posted from: this blog via Microsoft Power Automate .

Stop waiting on NVD — get real-time vulnerability alerts now

Vulnerabilities are discovered daily—but not every alert matters. SecAlerts pulls from 100+ sources for faster, real-time vuln alerts, filtering the noise so teams can patch quicker and stay secure. [...] https://www.bleepingcomputer.com/news/security/stop-waiting-on-nvd-get-real-time-vulnerability-alerts-now/ Posted from: this blog via Microsoft Power Automate .

Microsoft says Windows September updates break SMBv1 shares

​Microsoft has confirmed that the September 2025 Windows security updates are causing connection issues to Server Message Block (SMB) v1 shares. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-says-windows-september-updates-break-smbv1-shares/ Posted from: this blog via Microsoft Power Automate .

FBI warns of UNC6040, UNC6395 hackers stealing Salesforce data

The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations' Salesforce environments to steal data and extort victims. [...] https://www.bleepingcomputer.com/news/security/fbi-warns-of-unc6040-unc6395-hackers-stealing-salesforce-data/ Posted from: this blog via Microsoft Power Automate .

New VoidProxy phishing service targets Microsoft 365, Google accounts

A newly discovered phishing-as-a-service (PhaaS) platform, named VoidProxy, targets Microsoft 365 and Google accounts, including those protected by third-party single sign-on (SSO) providers such as Okta. [...] https://www.bleepingcomputer.com/news/security/new-voidproxy-phishing-service-targets-microsoft-365-google-accounts/ Posted from: this blog via Microsoft Power Automate .

New HybridPetya ransomware can bypass UEFI Secure Boot

A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on the EFI System Partition. [...] https://www.bleepingcomputer.com/news/security/new-hybridpetya-ransomware-can-bypass-uefi-secure-boot/ Posted from: this blog via Microsoft Power Automate .

Windows 11 23H2 Home and Pro reach end of support in 60 days

Microsoft has reminded customers today that devices running Home and Pro editions of Windows 11 23H2 will stop receiving updates in November. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-23h2-home-and-pro-reach-end-of-support-in-60-days/ Posted from: this blog via Microsoft Power Automate .

U.S. Senator accuses Microsoft of “gross cybersecurity negligence”

U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) requesting the agency to investigate Microsoft for failing to provide adequate security in its products, which led to ransomware attacks against healthcare organizations. [...] https://www.bleepingcomputer.com/news/security/us-senator-accuses-microsoft-of-gross-cybersecurity-negligence/ Posted from: this blog via Microsoft Power Automate .

Panama Ministry of Economy discloses breach claimed by INC ransomware

Panama's Ministry of Economy and Finance (MEF) has disclosed that one of its computers may have been compromised in a cyberattack.. [...] https://www.bleepingcomputer.com/news/security/panama-ministry-of-economy-discloses-breach-claimed-by-inc-ransomware/ Posted from: this blog via Microsoft Power Automate .

Microsoft adds malicious link warnings to Teams private chats

Microsoft Teams will automatically alert users when they send or receive a private message containing links that are tagged as malicious. [...] https://www.bleepingcomputer.com/news/security/microsoft-adds-malicious-link-warnings-to-teams-private-chats/ Posted from: this blog via Microsoft Power Automate .

Akira ransomware exploiting critical SonicWall SSLVPN bug again

The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to gain unauthorized access to SonicWall devices. [...] https://www.bleepingcomputer.com/news/security/akira-ransomware-exploiting-critical-sonicwall-sslvpn-bug-again/ Posted from: this blog via Microsoft Power Automate .

The Buyer’s Guide to Browser Extension Management

Browser extensions boost productivity—but also open the door to hidden risks like data exfiltration and AitM attacks. Keep Aware's Buyer's Guide shows how to gain visibility, enforce policies, and block risky add-ons in real time. [...] https://www.bleepingcomputer.com/news/security/the-buyers-guide-to-browser-extension-management/ Posted from: this blog via Microsoft Power Automate .

Hackers left empty-handed after massive NPM supply-chain attack

The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but attackers made little profit off it. [...] https://www.bleepingcomputer.com/news/security/hackers-left-empty-handed-after-massive-npm-supply-chain-attack/ Posted from: this blog via Microsoft Power Automate .

Pixel 10 fights AI fakes with new Android photo verification tech

Google is integrating C2PA Content Credentials into the Pixel 10 camera and Google Photos, to help users distinguish between authentic, unaltered images and those generated or edited with artificial intelligence technology. [...] https://www.bleepingcomputer.com/news/security/pixel-10-fights-ai-fakes-with-new-android-photo-verification-tech/ Posted from: this blog via Microsoft Power Automate .

Cursor AI editor lets repos “autorun” malicious code on devices

A weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious repository as soon as it's opened. [...] https://www.bleepingcomputer.com/news/security/cursor-ai-editor-lets-repos-autorun-malicious-code-on-devices/ Posted from: this blog via Microsoft Power Automate .

Can I have a new password, please? The $400M question.

Scattered Spider didn't need a zero-day to breach Clorox. They just phoned the help desk—convincing agents to reset passwords & MFA without proper checks. The result: $380M in damages. Learn from Specops Software why caller verification and audit trails are critical. [...] https://www.bleepingcomputer.com/news/security/can-i-have-a-new-password-please-the-400m-question/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes streaming issues triggered by Windows updates

Microsoft has resolved severe lag and stuttering issues with streaming software affecting Windows 10 and Windows 11 systems after installing the August 2025 security updates. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-streaming-issues-triggered-by-windows-updates/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes app install issues caused by August Windows updates

Microsoft has fixed a known issue caused by the August 2025 security updates, which triggers unexpected User Account Control (UAC) prompts and app installation problems for non-admin users on all Windows versions. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-app-install-issues-caused-by-august-windows-updates/ Posted from: this blog via Microsoft Power Automate .

US charges admin of LockerGoga, MegaCortex, Nefilim ransomware

The U.S. Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his role as the administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations. [...] https://www.bleepingcomputer.com/news/security/us-charges-admin-of-lockergoga-megacortex-nefilim-ransomware/ Posted from: this blog via Microsoft Power Automate .

How External Attack Surface Management helps enterprises manage cyber risk

Shadow assets don't care about your perimeter. EASM finds every internet-facing asset, surfaces unknowns, and prioritizes real risks—so you can fix exposures before attackers do. See how Outpost24 makes it easy. [...] https://www.bleepingcomputer.com/news/security/how-external-attack-surface-management-helps-enterprises-manage-cyber-risk/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Anti-spam bug blocks links in Exchange Online, Teams

​Microsoft is working to resolve a known issue that causes an anti-spam service to mistakenly block Exchange Online and Microsoft Teams users from opening URLs and quarantine some of their emails. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-anti-spam-bug-blocks-links-in-exchange-online-teams/ Posted from: this blog via Microsoft Power Automate .

SAP fixes maximum severity NetWeaver command execution flaw

SAP has addressed 21 new vulnerabilities affecting its products, including three critical severity issues impacting the NetWeaver software solution. [...] https://www.bleepingcomputer.com/news/security/sap-fixes-maximum-severity-netweaver-command-execution-flaw/ Posted from: this blog via Microsoft Power Automate .

Microsoft testing new AI features in Windows 11 File Explorer

Microsoft is testing new File Explorer AI-powered features that will enable Windows 11 users to work with images and documents without needing to open the files. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-testing-new-ai-features-in-windows-11-file-explorer/ Posted from: this blog via Microsoft Power Automate .

Plex tells users to reset passwords after new data breach

Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases. [...] https://www.bleepingcomputer.com/news/security/plex-tells-users-to-reset-passwords-after-new-data-breach/ Posted from: this blog via Microsoft Power Automate .

Sports streaming piracy service with 123M yearly visits shut down

​Calcio, a large piracy sports streaming platform with more than 120 million visits in the past year, was shut down following a collaborative effort by the Alliance for Creativity and Entertainment (ACE) and DAZN. [...] https://www.bleepingcomputer.com/news/security/massive-calcio-sports-streaming-piracy-service-with-123m-yearly-visits-shut-down/ Posted from: this blog via Microsoft Power Automate .

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising maintainers' accounts in a phishing attack. [...] https://www.bleepingcomputer.com/news/security/hackers-hijack-npm-packages-with-2-billion-weekly-downloads-in-supply-chain-attack/ Posted from: this blog via Microsoft Power Automate .

Salesloft: March GitHub repo breach led to Salesforce data theft attacks

Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft attacks in August. [...] https://www.bleepingcomputer.com/news/security/salesloft-march-github-repo-breach-led-to-salesforce-data-theft-attacks/ Posted from: this blog via Microsoft Power Automate .

Action1 vs. Microsoft WSUS: A Better Approach to Modern Patch Management

With WSUS deprecated, it's time to move from an outdated legacy patching system to a modern one. Learn from Action1 how its modern patching platform offers cloud-native speed, 3rd-party coverage, real-time compliance, and zero infrastructure. Try it free now! [...] https://www.bleepingcomputer.com/news/security/action1-vs-microsoft-wsus-a-better-approach-to-modern-patch-management/ Posted from: this blog via Microsoft Power Automate .

Google to make it easier to access AI Mode as default

Google plans to make it easier for users to access AI mode by allowing them to set it as the default, replacing the traditional blue links. [...] https://www.bleepingcomputer.com/news/google/google-to-make-it-easier-to-access-ai-mode-as-default/ Posted from: this blog via Microsoft Power Automate .

Google to make it easier to access AI Mode as default

Google plans to make it easier for users to access AI mode by allowing them to set it as the default, replacing the traditional blue links. [...] https://www.bleepingcomputer.com/news/google/google-to-make-it-easier-to-access-ai-mode-as-default/ Posted from: this blog via Microsoft Power Automate .

ChatGPT makes Projects feature free, adds a toggle to split chat

ChatGPT's Projects feature is now feature and second new feature allows you to create new conversations from existing conversations. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-makes-projects-feature-free-adds-a-toggle-to-split-chat/ Posted from: this blog via Microsoft Power Automate .

Czech cyber agency warns against Chinese tech in critical infrastructure

The Czech Republic's National Cyber and Information Security Agency (NUKIB) is instructing critical infrastructure organizations in the country to avoid using Chinese technology or transferring user data to servers located in China. [...] https://www.bleepingcomputer.com/news/security/czech-cyber-agency-warns-against-chinese-tech-in-critical-infrastructure/ Posted from: this blog via Microsoft Power Automate .

VirusTotal finds hidden malware phishing campaign in SVG files

VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia's judicial system that deliver malware. [...] https://www.bleepingcomputer.com/news/security/virustotal-finds-hidden-malware-phishing-campaign-in-svg-files/ Posted from: this blog via Microsoft Power Automate .

Microsoft now enforces MFA on Azure Portal sign-ins for all tenants

Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-now-enforces-mfa-on-azure-portal-sign-ins-for-all-tenants/ Posted from: this blog via Microsoft Power Automate .

EU fines Google $3.5 billion for anti-competitive ad practices

The European Commission has fined Google €2.95 billion ($3.5 billion) for abusing its dominance in the digital advertising technology market and favoring its adtech services over those of its competitors. [...] https://www.bleepingcomputer.com/news/google/eu-fines-google-35-billion-for-anti-competitive-ad-practices/ Posted from: this blog via Microsoft Power Automate .

Financial services firm Wealthsimple discloses data breach

Wealthsimple, a leading Canadian online investment management service, has disclosed a data breach after attackers stole the personal data of an undisclosed number of customers in a recent incident. [...] https://www.bleepingcomputer.com/news/security/financial-services-firm-wealthsimple-discloses-data-breach/ Posted from: this blog via Microsoft Power Automate .

Microsoft gives US students a free year of Microsoft 365 Personal

Microsoft announced that starting this Thursday, all college students in the United States can get a free year of Microsoft 365 Personal. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-gives-us-students-a-free-year-of-microsoft-365-personal/ Posted from: this blog via Microsoft Power Automate .

Don’t let outdated IGA hold back your security, compliance, and growth

Identity Governance & Administration (IGA) is critical to keeping data secure, ensuring only the right people have access to the right resources. But legacy IGA is slow, costly, and code-heavy. Learn from tenfold why Modern IGA solutions deliver faster out-of-the-box integrations, streamlined governance, and built-in compliance. [...] https://www.bleepingcomputer.com/news/security/dont-let-outdated-iga-hold-back-your-security-compliance-and-growth/ Posted from: this blog via Microsoft Power Automate .

Critical SAP S/4HANA vulnerability now exploited in attacks

A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn. [...] https://www.bleepingcomputer.com/news/security/critical-sap-s-4hana-vulnerability-now-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Texas sues PowerSchool over breach exposing 62M students, 880k Texans

Texas Attorney General Ken Paxton has filed a lawsuit against education software company PowerSchool, which suffered a massive data breach in December that exposed the personal information of 62 million students, including over 880,000 Texans. [...] https://www.bleepingcomputer.com/news/security/texas-sues-powerschool-after-massive-data-breach-hit-62-million-students/ Posted from: this blog via Microsoft Power Automate .

Chess.com discloses recent data breach via file transfer app

Chess.com has disclosed a data breach after threat actors gained unauthorized access to a third-party file transfer application used by the platform. [...] https://www.bleepingcomputer.com/news/security/chesscom-discloses-recent-data-breach-via-file-transfer-app/ Posted from: this blog via Microsoft Power Automate .

New TP-Link zero-day surfaces as CISA warns other flaws are exploited

TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in attacks. [...] https://www.bleepingcomputer.com/news/security/new-tp-link-zero-day-surfaces-as-cisa-warns-other-flaws-are-exploited/ Posted from: this blog via Microsoft Power Automate .

France slaps Google with €325M fine for violating cookie regulations

The French data protection authority has fined Google €325 million ($378 million) for violating cookie regulations and displaying ads between Gmail users' emails without their consent. [...] https://www.bleepingcomputer.com/news/security/france-slaps-google-with-325m-fine-for-violating-cookie-regulations/ Posted from: this blog via Microsoft Power Automate .

Tire giant Bridgestone confirms cyberattack impacts manufacturing

Car tire giant Bridgestone confirms it is investigating a cyberattack that impacts the operation of some manufacturing facilities in North America. [...] https://www.bleepingcomputer.com/news/security/tire-giant-bridgestone-confirms-cyberattack-impacts-manufacturing/ Posted from: this blog via Microsoft Power Automate .

US sues robot toy maker for exposing children's data to Chinese devs

The U.S. Department of Justice has sued toy maker Apitor Technology for allegedly allowing a Chinese third party to collect children's geolocation data without their knowledge and parental consent. [...] https://www.bleepingcomputer.com/news/security/us-sues-robot-toy-maker-for-exposing-childrens-data-to-chinese-devs/ Posted from: this blog via Microsoft Power Automate .

SaaS giant Workiva discloses data breach after Salesforce attack

Workiva, a leading cloud-based SaaS (Software as a Service) provider, notified its customers that attackers who gained access to a third-party customer relationship management (CRM) system stole some of their data. [...] https://www.bleepingcomputer.com/news/security/saas-giant-workiva-discloses-data-breach-after-salesforce-attack/ Posted from: this blog via Microsoft Power Automate .

Google fixes actively exploited Android flaws in September update

Google has released the September 2025 security update for Android devices, addressing a total of 84 vulnerabilities, including two actively exploited flaws. [...] https://www.bleepingcomputer.com/news/security/google-fixes-actively-exploited-android-flaws-in-september-update/ Posted from: this blog via Microsoft Power Automate .

Cloudflare hit by data breach in Salesloft Drift supply chain attack

Cloudflare is the latest company impacted in a recent string of Salesloft Drift breaches, part of a supply-chain attack disclosed last week. [...] https://www.bleepingcomputer.com/news/security/cloudflare-hit-by-data-breach-in-salesloft-drift-supply-chain-attack/ Posted from: this blog via Microsoft Power Automate .

Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps

Internet infrastructure company Cloudflare said it recently blocked the largest recorded volumetric distributed denial-of-service (DDoS) attack, which peaked at 11.5 terabits per second (Tbps). [...] https://www.bleepingcomputer.com/news/security/cloudflare-blocks-record-breaking-115-tbps-ddos-attack/ Posted from: this blog via Microsoft Power Automate .

No, Google did not warn 2.5 billion Gmail users to reset passwords

Google has disputed a widely reported story about the company warning all Gmail users to reset their passwords due to a recent data breach that also affected some Workspace accounts. [...] https://www.bleepingcomputer.com/news/technology/no-google-did-not-warn-25-billion-gmail-users-to-reset-passwords/ Posted from: this blog via Microsoft Power Automate .

Jaguar Land Rover says cyberattack ‘severely disrupted’ production

Jaguar Land Rover (JLR) announced that a cyberattack forced the company to shut down certain systems as part of the mitigation effort. [...] https://www.bleepingcomputer.com/news/security/jaguar-land-rover-says-cyberattack-severely-disrupted-production/ Posted from: this blog via Microsoft Power Automate .

Pennsylvania AG Office says ransomware attack behind recent outage

The Office of the Pennsylvania Attorney General announced that a ransomware attack is behind the ongoing two-week service outage. [...] https://www.bleepingcomputer.com/news/security/pennsylvania-ag-office-says-ransomware-attack-behind-recent-outage/ Posted from: this blog via Microsoft Power Automate .

Palo Alto Networks data breach exposes customer info, support tickets

Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance. [...] https://www.bleepingcomputer.com/news/security/palo-alto-networks-data-breach-exposes-customer-info-support-tickets/ Posted from: this blog via Microsoft Power Automate .

ChatGPT can now create flashcards quiz on any topic

If you use ChatGPT to learn new topics, you might want to try its new flashcard-based quiz feature, which can help you evaluate your progress. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-can-now-create-flashcards-quiz-on-any-topic/ Posted from: this blog via Microsoft Power Automate .

Brokewell Android malware delivered through fake TradingView ads

Cybercriminals are abusing Meta's advertising platforms with fake offers of a free TradingView Premium app that spreads the Brokewell malware for Android. [...] https://www.bleepingcomputer.com/news/security/brokewell-android-malware-delivered-through-fake-tradingview-ads/ Posted from: this blog via Microsoft Power Automate .