Posts

Showing posts from December, 2025

NYC mayoral inauguration bans Flipper Zero, Raspberry Pi devices

New York City's 2026 mayoral inauguration of Zohran Mamdani has published a list of banned items for the event, specifically prohibiting the Flipper Zero and Raspberry Pi devices. [...] https://www.bleepingcomputer.com/news/security/nyc-mayoral-inauguration-bans-flipper-zero-raspberry-pi-devices/ Posted from: this blog via Microsoft Power Automate .

NYC mayoral inauguration bans Flipper Zero, Raspberry Pi devices

New York City's 2026 mayoral inauguration of Zohran Mamdani has published a list of banned items for the event, specifically prohibiting the Flipper Zero and Raspberry Pi devices. [...] https://www.bleepingcomputer.com/news/security/nyc-mayoral-inauguration-bans-flipper-zero-raspberry-pi-devices/ Posted from: this blog via Microsoft Power Automate .

Hackers drain $3.9M from Unleash Protocol after multisig hijack

The decentralized intellectual property platform Unleash Protocol has lost around $3.9 million worth of cryptocurrency after someone executed an unauthorized contract upgrade that allowed asset withdrawals. [...] https://www.bleepingcomputer.com/news/security/hackers-drain-39m-from-unleash-protocol-after-multisig-hijack/ Posted from: this blog via Microsoft Power Automate .

Hackers drain $3.9M from Unleash Protocol after multisig hijack

The decentralized intellectual property platform Unleash Protocol has lost around $3.9 million worth of cryptocurrency after someone executed an unauthorized contract upgrade that allowed asset withdrawals. [...] https://www.bleepingcomputer.com/news/security/hackers-drain-39m-from-unleash-protocol-after-multisig-hijack/ Posted from: this blog via Microsoft Power Automate .

RondoDox botnet exploits React2Shell flaw to breach Next.js servers

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. [...] https://www.bleepingcomputer.com/news/security/rondodox-botnet-exploits-react2shell-flaw-to-breach-nextjs-servers/ Posted from: this blog via Microsoft Power Automate .

IBM warns of critical API Connect auth bypass vulnerability

IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. [...] https://www.bleepingcomputer.com/news/security/ibm-warns-of-critical-api-connect-auth-bypass-vulnerability/ Posted from: this blog via Microsoft Power Automate .

Disney will pay $10 million to settle children's data privacy lawsuit

Disney has agreed to pay a $10 million civil penalty to settle claims that it violated the Children's Online Privacy Protection Act by mislabeling videos and allowing data collection for targeted advertising. [...] https://www.bleepingcomputer.com/news/security/disney-will-pay-10m-to-settle-claims-of-childrens-privacy-violations-on-youtube/ Posted from: this blog via Microsoft Power Automate .

New ErrTraffic service enables ClickFix attacks via fake browser glitches

A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating 'fake glitches' on compromised websites to lure users into downloading payloads or following malicious instructions [...] https://www.bleepingcomputer.com/news/security/new-errtraffic-service-enables-clickfix-attacks-via-fake-browser-glitches/ Posted from: this blog via Microsoft Power Automate .

European Space Agency confirms breach of "external servers"

The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network, which contained what it described as "unclassified" information on collaborative engineering activities. [...] https://www.bleepingcomputer.com/news/security/european-space-agency-confirms-breach-of-external-servers/ Posted from: this blog via Microsoft Power Automate .

Zoom Stealer browser extensions harvest corporate meeting intelligence

A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like URLs, IDs, topics, descriptions, and embedded passwords. [...] https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/ Posted from: this blog via Microsoft Power Automate .

US cybersecurity experts plead guilty to BlackCat ransomware attacks

Two former employees of cybersecurity incident response companies Sygnia and DigitalMint have pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. [...] https://www.bleepingcomputer.com/news/security/us-cybersecurity-experts-plead-guilty-to-blackcat-alphv-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

CISA orders feds to patch MongoBleed flaw exploited in attacks

CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to steal credentials, API keys, and other sensitive data. [...] https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-patch-mongobleed-flaw-actively-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Chinese state hackers use rootkit to hide ToneShell malware activity

A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations. [...] https://www.bleepingcomputer.com/news/security/chinese-state-hackers-use-rootkit-to-hide-toneshell-malware-activity/ Posted from: this blog via Microsoft Power Automate .

Coupang to split $1.17 billion among 33.7 million data breach victims

Coupang, the largest retailer in South Korea, announced $1.17 billion (1.685 trillion Won) total compensation for the 33.7 million customers whose information was exposed in the data breach discovered last month. [...] https://www.bleepingcomputer.com/news/security/coupang-to-split-117-billion-among-337-million-data-breach-victims/ Posted from: this blog via Microsoft Power Automate .

Hacker arrested for KMSAuto malware campaign with 2.8 million downloads

A Lithuanian national has been arrested for his alleged involvement in infecting 2.8 million systems with clipboard-stealing malware disguised as the KMSAuto tool for illegally activating Windows and Office software. [...] https://www.bleepingcomputer.com/news/security/hacker-arrested-for-kmsauto-malware-campaign-with-28-million-downloads/ Posted from: this blog via Microsoft Power Automate .

Korean Air data breach exposes data of thousands of employees

Korean Air experienced a data breach affecting thousands of employees after Korean Air Catering & Duty-Free (KC&D), its in-flight catering supplier and former subsidiary, was recently hacked. [...] https://www.bleepingcomputer.com/news/security/korean-air-data-breach-exposes-data-of-thousands-of-employees/ Posted from: this blog via Microsoft Power Automate .

Microsoft Copilot is rolling out GPT 5.2 as "Smart Plus" mode

Microsoft is rolling out GPT 5.2 to Copilot on the web, Windows, and mobile as a free upgrade, and it'll coexist with the GPT 5.1 model. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-copilot-is-rolling-out-gpt-52-as-smart-plus-mode/ Posted from: this blog via Microsoft Power Automate .

Microsoft Copilot is rolling out GPT 5.2 as "Smart Plus" mode

Microsoft is rolling out GPT 5.2 to Copilot on the web, Windows, and mobile as a free upgrade, and it'll coexist with the GPT 5.1 model. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-copilot-is-rolling-out-gpt-52-as-smart-plus-mode/ Posted from: this blog via Microsoft Power Automate .

Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks

Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls. [...] https://www.bleepingcomputer.com/news/security/fortinet-warns-of-5-year-old-fortios-2fa-bypass-still-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed

A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over 80,000 potentially vulnerable servers exposed on the public web. [...] https://www.bleepingcomputer.com/news/security/exploited-mongobleed-flaw-leaks-mongodb-secrets-87k-servers-exposed/ Posted from: this blog via Microsoft Power Automate .

Hacker claims to leak WIRED database with 2.3 million records

A hacker claims to have breached Condé Nast and leaked an alleged WIRED database containing more than 2.3 million subscriber records, while also warning that they plan to release up to 40 million additional records for other Condé Nast properties. [...] https://www.bleepingcomputer.com/news/security/hacker-claims-to-leak-wired-database-with-23-million-records/ Posted from: this blog via Microsoft Power Automate .

Massive Rainbow Six Siege breach gives players billions of credits

Ubisoft's Rainbow Six Siege (R6) suffered a breach that allowed hackers to abuse internal systems to ban and unban players, manipulate in-game moderation feeds, and grant massive amounts of in-game currency and cosmetic items to accounts worldwide. [...] https://www.bleepingcomputer.com/news/security/massive-rainbow-six-siege-breach-gives-players-billions-of-credits/ Posted from: this blog via Microsoft Power Automate .

Massive Rainbow Six Siege breach gives players billions of credits

Ubisoft's Rainbow Six Siege (R6) suffered a breach that allowed hackers to abuse internal systems to ban and unban players, manipulate in-game moderation feeds, and grant massive amounts of in-game currency and cosmetic items to accounts worldwide. [...] https://www.bleepingcomputer.com/news/security/massive-rainbow-six-siege-breach-gives-players-billions-of-credits/ Posted from: this blog via Microsoft Power Automate .

OpenAI's ChatGPT ads will allegedly prioritize sponsored content in answers

OpenAI is reportedly mulling a new form of ads on ChatGPT called "sponsored content," which could influence your buying decisions. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openais-chatgpt-ads-will-allegedly-prioritize-sponsored-content-in-answers/ Posted from: this blog via Microsoft Power Automate .

OpenAI's ChatGPT ads will allegedly prioritize sponsored content in answers

OpenAI is reportedly mulling a new form of ads on ChatGPT called "sponsored content," which could influence your buying decisions. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openais-chatgpt-ads-will-allegedly-prioritize-sponsored-content-in-answers/ Posted from: this blog via Microsoft Power Automate .

Fake GrubHub emails promise tenfold return on sent cryptocurrency

Grubhub users received fraudulent messages, apparently from a company email address, promising a tenfold bitcoin payout in return for a transfer to a specified wallet. [...] https://www.bleepingcomputer.com/news/security/fake-grubhub-emails-promise-tenfold-return-on-sent-cryptocurrency/ Posted from: this blog via Microsoft Power Automate .

Trust Wallet Chrome extension hack tied to millions in losses

Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an urgent response from the company and warnings to affected users. Simultaneously, BleepingComputer observed a phishing domain launched by hackers. [...] https://www.bleepingcomputer.com/news/security/trust-wallet-chrome-extension-hack-tied-to-millions-in-losses/ Posted from: this blog via Microsoft Power Automate .

ChatGPT’s new formatting blocks make its UI look more like a task tool

OpenAI has quietly rolled out 'formatting blocks,' which tweak GPT's layout to match the UI of the task it is supposed to execute. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpts-new-formatting-blocks-make-its-ui-look-more-like-a-task-tool/ Posted from: this blog via Microsoft Power Automate .

ChatGPT’s new formatting blocks make its UI look more like a task tool

OpenAI has quietly rolled out 'formatting blocks,' which tweak GPT's layout to match the UI of the task it is supposed to execute. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpts-new-formatting-blocks-make-its-ui-look-more-like-a-task-tool/ Posted from: this blog via Microsoft Power Automate .

Google will finally allow you to change your @gmail.com address

Google will finally allow you to change your @gmail address or create a new alias, according to a new support document. [...] https://www.bleepingcomputer.com/news/google/google-will-finally-allow-you-to-change-your-gmailcom-address/ Posted from: this blog via Microsoft Power Automate .

OpenAI is reportedly testing Claude-like Skills for ChatGPT

OpenAI is testing a new ChatGPT feature called "Skills," which will be similar to Claude's feature, also called Skills. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-is-reportedly-testing-claude-like-skills-for-chatgpt/ Posted from: this blog via Microsoft Power Automate .

Fake MAS Windows activation domain used to spread PowerShell malware

A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader'. [...] https://www.bleepingcomputer.com/news/security/fake-mas-windows-activation-domain-used-to-spread-powershell-malware/ Posted from: this blog via Microsoft Power Automate .

OpenAI is reportedly testing Claude-like Skills for ChatGPT

OpenAI is testing a new ChatGPT feature called "Skills," which will be similar to Claude's feature, also called Skills. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-is-reportedly-testing-claude-like-skills-for-chatgpt/ Posted from: this blog via Microsoft Power Automate .

Microsoft Teams to let admins block external users via Defender portal

Microsoft announced that security administrators will soon be able to block external users from sending messages, calls, or meeting invitations to members of their organization via Teams. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-to-let-admins-block-external-users-via-defender-portal/ Posted from: this blog via Microsoft Power Automate .

Microsoft rolls out hardware-accelerated BitLocker in Windows 11

Microsoft is rolling out hardware-accelerated BitLocker in Windows 11 to address growing performance and security concerns by leveraging the capabilities of system-on-a-chip and CPU. [...] https://www.bleepingcomputer.com/news/security/microsoft-rolls-out-hardware-accelerated-bitlocker-in-windows-11/ Posted from: this blog via Microsoft Power Automate .

FBI seizes domain storing bank credentials stolen from U.S. victims

The U.S. government has seized the 'web3adspanels.org' domain and the associated database used by cybercriminals to host bank login credentials stolen in account takeover attacks. [...] https://www.bleepingcomputer.com/news/security/fbi-seizes-domain-storing-bank-credentials-stolen-from-us-victims/ Posted from: this blog via Microsoft Power Automate .

MongoDB warns admins to patch severe RCE flaw immediately

MongoDB has warned IT admins to immediately patch a high-severity vulnerability that can be exploited in remote code execution (RCE) attacks targeting vulnerable servers. [...] https://www.bleepingcomputer.com/news/security/mongodb-warns-admins-to-patch-severe-rce-flaw-immediately/ Posted from: this blog via Microsoft Power Automate .

Microsoft rolls out hardware-accelerated BitLocker in Windows 11

Microsoft is rolling out hardware-accelerated BitLocker in Windows 11 to address growing performance and security concerns by leveraging the capabilities of system-on-a-chip and CPU. [...] https://www.bleepingcomputer.com/news/security/microsoft-rolls-out-hardware-accelerated-bitlocker-in-windows-11/ Posted from: this blog via Microsoft Power Automate .

FBI seizes domain storing bank credentials stolen from U.S. victims

The U.S. government has seized the 'web3adspanels.org' domain and the associated database used by cybercriminals to host bank login credentials stolen in account takeover attacks. [...] https://www.bleepingcomputer.com/news/security/fbi-seizes-domain-storing-bank-credentials-stolen-from-us-victims/ Posted from: this blog via Microsoft Power Automate .

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. [...] https://www.bleepingcomputer.com/news/security/webrat-malware-spread-via-fake-vulnerability-exploits-on-github/ Posted from: this blog via Microsoft Power Automate .

Malicious extensions in Chrome Web store steal user credentials

Two Chrome extensions in the Web Store named 'Phantom Shuttle' are posing as plugins for a proxy service to hijack user traffic and steal sensitive data. [...] https://www.bleepingcomputer.com/news/security/malicious-extensions-in-chrome-web-store-steal-user-credentials/ Posted from: this blog via Microsoft Power Automate .

Microsoft Teams strengthens messaging security by default in January

Microsoft Teams will automatically enable messaging safety features by default in January to strengthen defenses against content tagged as malicious. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-strengthens-messaging-security-by-default-in-january/ Posted from: this blog via Microsoft Power Automate .

Cyberattack knocks offline France's postal, banking services

The French national postal service's online services were knocked offline by "a major network incident" on Monday, disrupting digital banking and other services for millions. [...] https://www.bleepingcomputer.com/news/security/cyberattack-knocks-offline-frances-postal-banking-services/ Posted from: this blog via Microsoft Power Automate .

Italy fines Apple $116 million over App Store privacy policy issues

Italy's competition authority (AGCM) has fined Apple €98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. [...] https://www.bleepingcomputer.com/news/security/italy-fines-apple-116-million-over-app-store-tracking-privacy-practices/ Posted from: this blog via Microsoft Power Automate .

Baker University says 2024 data breach impacts 53,000 people

Baker University has disclosed a data breach after attackers gained access to its network one year ago and stole the personal, health, and financial information of over 53,000 individuals. [...] https://www.bleepingcomputer.com/news/security/baker-university-data-breach-impacts-over-53-000-individuals/ Posted from: this blog via Microsoft Power Automate .

University of Phoenix data breach impacts nearly 3.5 million individuals

The Clop ransomware gang has stolen the data of nearly 3.5 million University of Phoenix (UoPX) students, staff, and suppliers after breaching the university's network in August. [...] https://www.bleepingcomputer.com/news/security/university-of-phoenix-data-breach-impacts-nearly-35-million-individuals/ Posted from: this blog via Microsoft Power Automate .

Coupang breach affecting 33.7 million users raises data protection questions

Coupang disclosed a data breach affecting 33.7 million customers after unauthorized access to personal data went undetected for nearly five months. Penta Security explains how the incident highlights insider credential abuse risks and why encrypting customer data beyond legal requirements can reduce exposure and limit damage. [...] https://www.bleepingcomputer.com/news/security/coupang-breach-affecting-337-million-users-raises-data-protection-questions/ Posted from: this blog via Microsoft Power Automate .

Not all CISA-linked alerts are urgent: ASUS Live Update CVE-2025-59374

An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. A closer look, however, shows the CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a new attack. [...] https://www.bleepingcomputer.com/news/security/not-all-cisa-linked-alerts-are-urgent-asus-live-update-cve-2025-59374/ Posted from: this blog via Microsoft Power Automate .

Ukrainian hacker admits affiliate role in Nefilim ransomware gang

A Ukrainian national pleaded guilty on Friday to conducting Nefilim ransomware attacks that targeted high-revenue businesses across the United States and other countries. [...] https://www.bleepingcomputer.com/news/security/ukrainian-hacker-admits-affiliate-role-in-nefilim-ransomware-gang/ Posted from: this blog via Microsoft Power Automate .

Critical RCE flaw impacts over 115,000 WatchGuard firewalls

Over 115,000 WatchGuard Firebox devices exposed online remain unpatched against a critical remote code execution (RCE) vulnerability actively exploited in attacks. [...] https://www.bleepingcomputer.com/news/security/over-115-000-watchguard-firewalls-vulnerable-to-ongoing-rce-attacks/ Posted from: this blog via Microsoft Power Automate .

Docker Hardened Images now open source and available for free

More than a 1,000 Docker Hardened Images (DHI) are now freely available and open source for software builders, under the Apache 2.0 license. [...] https://www.bleepingcomputer.com/news/security/docker-hardened-images-now-open-source-and-available-for-free/ Posted from: this blog via Microsoft Power Automate .

Docker Hardened Images now open source and available for free

More than a 1,000 Docker Hardened Images (DHI) are now freely available and open source for software builders, under the Apache 2.0 license. [...] https://www.bleepingcomputer.com/news/security/docker-hardened-images-now-open-source-and-available-for-free/ Posted from: this blog via Microsoft Power Automate .

RansomHouse upgrades encryption with multi-layered data processing

The RansomHouse ransomware-as-a-service (RaaS) has recently upgraded its encryptor, switching from a relatively simple single-phase linear technique to a more complex, multi-layered method. [...] https://www.bleepingcomputer.com/news/security/ransomhouse-upgrades-encryption-with-multi-layered-data-processing/ Posted from: this blog via Microsoft Power Automate .

Microsoft confirms Teams is down and messages are delayed

Microsoft Teams is experiencing issues, with thousands reporting problems sending messages, including delays. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-teams-is-down-and-messages-are-delayed/ Posted from: this blog via Microsoft Power Automate .

Nigeria arrests dev of Microsoft 365 'Raccoon0365' phishing platform

The Nigerian police have arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing-as-a-service. [...] https://www.bleepingcomputer.com/news/security/nigeria-arrests-dev-of-microsoft-365-raccoon0365-phishing-platform/ Posted from: this blog via Microsoft Power Automate .

Nigeria arrests dev of Microsoft 365 'Raccoon0365' phishing platform

The Nigerian police have arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing-as-a-service. [...] https://www.bleepingcomputer.com/news/security/nigeria-arrests-dev-of-microsoft-365-raccoon0365-phishing-platform/ Posted from: this blog via Microsoft Power Automate .

Microsoft 365 accounts targeted in wave of OAuth phishing attacks

Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. [...] https://www.bleepingcomputer.com/news/security/microsoft-365-accounts-targeted-in-wave-of-oauth-phishing-attacks/ Posted from: this blog via Microsoft Power Automate .

New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock

The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory protections. [...] https://www.bleepingcomputer.com/news/security/new-uefi-flaw-enables-pre-boot-attacks-on-motherboards-from-gigabyte-msi-asus-asrock/ Posted from: this blog via Microsoft Power Automate .

New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock

The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory protections. [...] https://www.bleepingcomputer.com/news/security/new-uefi-flaw-enables-pre-boot-attacks-on-motherboards-from-gigabyte-msi-asus-asrock/ Posted from: this blog via Microsoft Power Automate .

Windows 10 OOB update released to fix Message Queuing (MSMQ) issues

This month's extended security update for Windows 11 broke Message Queuing (MSMQ), which is typically used by enterprises to manage background tasks. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-oob-update-released-to-fix-message-queuing-msmq-issues/ Posted from: this blog via Microsoft Power Automate .

Windows 10 OOB update released to fix Message Queuing (MSMQ) issues

This month's extended security update for Windows 11 broke Message Queuing (MSMQ), which is typically used by enterprises to manage background tasks. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-oob-update-released-to-fix-message-queuing-msmq-issues/ Posted from: this blog via Microsoft Power Automate .

University of Sydney suffers data breach exposing student and staff info

Hackers gained access to an online coding repository belonging to the University of Sydney and stole files with personal information of staff and students. [...] https://www.bleepingcomputer.com/news/security/university-of-sydney-suffers-data-breach-exposing-student-and-staff-info/ Posted from: this blog via Microsoft Power Automate .

University of Sydney suffers data breach exposing student and staff info

Hackers gained access to an online coding repository belonging to the University of Sydney and stole files with personal information of staff and students. [...] https://www.bleepingcomputer.com/news/security/university-of-sydney-suffers-data-breach-exposing-student-and-staff-info/ Posted from: this blog via Microsoft Power Automate .

Clop ransomware targets Gladinet CentreStack in data theft attacks

The Clop ransomware gang is targeting Internet-exposed Gladinet CentreStack file servers in a new data theft extortion campaign. [...] https://www.bleepingcomputer.com/news/security/clop-ransomware-targets-gladinet-centrestack-servers-for-extortion/ Posted from: this blog via Microsoft Power Automate .

New password spraying attacks target Cisco, PAN VPN gateways

An automated campaign is targeting multiple VPN platforms, with credential-based attacks being observed on Palo Alto Networks GlobalProtect and Cisco SSL VPN. [...] https://www.bleepingcomputer.com/news/security/new-password-spraying-attacks-target-cisco-pan-vpn-gateways/ Posted from: this blog via Microsoft Power Automate .

US seizes E-Note crypto exchange for laundering ransomware payments

Law enforcement has seized the servers and domains of the E-Note cryptocurrency exchange, allegedly used by cybercriminal groups to launder more than $70 million. [...] https://www.bleepingcomputer.com/news/security/us-seizes-e-note-crypto-exchange-for-laundering-ransomware-payments/ Posted from: this blog via Microsoft Power Automate .

US seizes E-Note crypto exchange for laundering ransomware payments

Law enforcement has seized the servers and domains of the E-Note cryptocurrency exchange, allegedly used by cybercriminal groups to launder more than $70 million. [...] https://www.bleepingcomputer.com/news/security/us-seizes-e-note-crypto-exchange-for-laundering-ransomware-payments/ Posted from: this blog via Microsoft Power Automate .

Amazon: Ongoing cryptomining campaign uses hacked AWS accounts

Amazon's AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) using compromised credentials for Identity and Access Management (IAM). [...] https://www.bleepingcomputer.com/news/security/amazon-ongoing-cryptomining-campaign-uses-hacked-aws-accounts/ Posted from: this blog via Microsoft Power Automate .

Amazon: Ongoing cryptomining campaign uses hacked AWS accounts

Amazon's AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) using compromised credentials for Identity and Access Management (IAM). [...] https://www.bleepingcomputer.com/news/security/amazon-ongoing-cryptomining-campaign-uses-hacked-aws-accounts/ Posted from: this blog via Microsoft Power Automate .

WhatsApp device linking abused in account hijacking attacks

Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing. [...] https://www.bleepingcomputer.com/news/security/whatsapp-device-linking-abused-in-account-hijacking-attacks/ Posted from: this blog via Microsoft Power Automate .

Cisco warns of unpatched AsyncOS zero-day exploited in attacks

​Cisco warned customers today of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. [...] https://www.bleepingcomputer.com/news/security/cisco-warns-of-unpatched-asyncos-zero-day-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Sonicwall warns of new SMA1000 zero-day exploited in attacks

SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges. [...] https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-new-sma1000-zero-day-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Critical React2Shell flaw exploited in ransomware attacks

A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later. [...] https://www.bleepingcomputer.com/news/security/critical-react2shell-flaw-exploited-in-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

Cellik Android malware builds malicious versions from Google Play apps

A new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums offering a robust set of capabilities that include the option to embed it in any app available on the Google Play Store. [...] https://www.bleepingcomputer.com/news/security/cellik-android-malware-builds-malicious-versions-from-google-play-apps/ Posted from: this blog via Microsoft Power Automate .

GhostPoster attacks hide malicious JavaScript in Firefox addon logos

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions counting more than 50,000 downloads, to monitor browser activity and plant a backdoor. [...] https://www.bleepingcomputer.com/news/security/ghostposter-attacks-hide-malicious-javascript-in-firefox-addon-logos/ Posted from: this blog via Microsoft Power Automate .

Amazon disrupts Russian GRU hackers attacking edge network devices

The Amazon Threat Intelligence team has disrupted active operations attributed to hackers working for the Russian foreign military intelligence agency, the GRU, who targeted customers' cloud infrastructure. [...] https://www.bleepingcomputer.com/news/security/amazon-disrupts-russian-gru-hackers-attacking-edge-network-devices/ Posted from: this blog via Microsoft Power Automate .

Amazon disrupts Russian GRU hackers attacking edge network devices

The Amazon Threat Intelligence team has disrupted active operations attributed to hackers working for the Russian foreign military intelligence agency, the GRU, who targeted customers' cloud infrastructure. [...] https://www.bleepingcomputer.com/news/security/amazon-disrupts-russian-gru-hackers-attacking-edge-network-devices/ Posted from: this blog via Microsoft Power Automate .

Texas sues TV makers for taking screenshots of what people watch

The Texas Attorney General sued five major television manufacturers, accusing them of illegally collecting their users' data by secretly recording what they watch using Automated Content Recognition (ACR) technology. [...] https://www.bleepingcomputer.com/news/security/texas-sues-tv-makers-for-spying-on-users-selling-data-without-consent/ Posted from: this blog via Microsoft Power Automate .

Hackers exploit newly patched Fortinet auth bypass flaws

Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and steal system configuration files. [...] https://www.bleepingcomputer.com/news/security/hackers-exploit-newly-patched-fortinet-auth-bypass-flaws/ Posted from: this blog via Microsoft Power Automate .

SoundCloud confirms breach after member data stolen, VPN access disrupted

Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database containing user information. [...] https://www.bleepingcomputer.com/news/security/soundcloud-confirms-breach-after-member-data-stolen-vpn-access-disrupted/ Posted from: this blog via Microsoft Power Automate .

Google is shutting down its dark web report feature in January

Google is discontinuing its "dark web report" security tool, stating that it wants to focus on other tools it believes are more helpful. [...] https://www.bleepingcomputer.com/news/google/google-is-shutting-down-its-dark-web-report-feature-in-january/ Posted from: this blog via Microsoft Power Automate .

Askul confirms theft of 740k customer records in ransomware attack

Japanese e-commerce giant Askul Corporation has confirmed that RansomHouse hackers stole around 740,000 customer records in the ransomware attack it suffered in October. [...] https://www.bleepingcomputer.com/news/security/askul-confirms-theft-of-740k-customer-records-in-ransomhouse-attack/ Posted from: this blog via Microsoft Power Automate .

Google is shutting down its dark web report feature in January

Google is discontinuing its "dark web report" security tool, stating that it wants to focus on other tools it believes are more helpful. [...] https://www.bleepingcomputer.com/news/google/google-is-shutting-down-its-dark-web-report-feature-in-january/ Posted from: this blog via Microsoft Power Automate .

New SantaStealer malware steals data from browsers, crypto wallets

A new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection. [...] https://www.bleepingcomputer.com/news/security/new-santastealer-malware-steals-data-from-browsers-crypto-wallets/ Posted from: this blog via Microsoft Power Automate .

PornHub extorted after hackers steal Premium member activity data

Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach. [...] https://www.bleepingcomputer.com/news/security/pornhub-extorted-after-hackers-steal-premium-member-activity-data/ Posted from: this blog via Microsoft Power Automate .

Ongoing SoundCloud issue blocks VPN users with 403 server error

Users accessing the SoundCloud audio streaming platform through a virtual private network (VPN) connection are denied access to the service and see a 403 'forbidden' error. [...] https://www.bleepingcomputer.com/news/security/ongoing-soundcloud-issue-blocks-vpn-users-with-403-server-error/ Posted from: this blog via Microsoft Power Automate .

700Credit data breach impacts 5.8 million vehicle dealership customers

700Credit, a U.S.-based financial services and fintech company, will start notifying more than 5.8 million people that their personal information has been exposed in a data breach incident. [...] https://www.bleepingcomputer.com/news/security/700credit-data-breach-impacts-58-million-vehicle-dealership-customers/ Posted from: this blog via Microsoft Power Automate .

2025’s Top Phishing Trends and What They Mean for Your Security Strategy

Phishing attacks in 2025 increasingly moved beyond email, with attackers using social platforms, search ads, and browser-based techniques to bypass MFA and steal sessions. Push Security outlines key phishing trends and what security teams must know as identity-based attacks continue to evolve in 2026. [...] https://www.bleepingcomputer.com/news/security/2025s-top-phishing-trends-and-what-they-mean-for-your-security-strategy/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Recent Windows updates break VPN access for WSL users

Microsoft says that recent Windows 11 security updates are causing VPN networking failures for enterprise users running Windows Subsystem for Linux. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-recent-windows-updates-cause-wsl-networking-issues/ Posted from: this blog via Microsoft Power Automate .

Google links more Chinese hacking groups to React2Shell attacks

Over the weekend, ​Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity "React2Shell" remote code execution vulnerability. [...] https://www.bleepingcomputer.com/news/security/google-links-more-chinese-hacking-groups-to-react2shell-attacks/ Posted from: this blog via Microsoft Power Automate .

French Interior Ministry confirms cyberattack on email servers

The French Interior Minister confirmed on Friday that the country's Ministry of the Interior was breached in a cyberattack that compromised e-mail servers. [...] https://www.bleepingcomputer.com/news/security/france-interior-ministry-confirms-cyberattack-on-email-servers/ Posted from: this blog via Microsoft Power Automate .

Microsoft: December security updates cause Message Queuing failures

Microsoft has confirmed that the December 2025 security updates are breaking Message Queuing (MSMQ) functionality, affecting enterprise applications and Internet Information Services (IIS) websites. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-december-security-updates-cause-message-queuing-failures/ Posted from: this blog via Microsoft Power Automate .

CyberVolk’s ransomware debut stumbles on cryptography weakness

The pro-Russia hacktivist group CyberVolk launched a ransomware-as-a-service (RaaS) called VolkLocker that suffered from serious implementation flaws, allowing victims to potentially decrypt files for free. [...] https://www.bleepingcomputer.com/news/security/cybervolks-ransomware-debut-stumbles-on-cryptography-weakness/ Posted from: this blog via Microsoft Power Automate .

Beware: PayPal subscriptions abused to send fake purchase emails

An email scam is abusing abusing PayPal's "Subscriptions" billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field. [...] https://www.bleepingcomputer.com/news/security/beware-paypal-subscriptions-abused-to-send-fake-purchase-emails/ Posted from: this blog via Microsoft Power Automate .

Apple fixes two zero-day flaws exploited in 'sophisticated' attacks

Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an "extremely sophisticated attack" targeting specific individuals. [...] https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-day-flaws-exploited-in-sophisticated-attacks/ Posted from: this blog via Microsoft Power Automate .

Apple fixes two zero-day flaws exploited in 'sophisticated' attacks

Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an "extremely sophisticated attack" targeting specific individuals. [...] https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-day-flaws-exploited-in-sophisticated-attacks/ Posted from: this blog via Microsoft Power Automate .

MKVCinemas streaming piracy service with 142M visits shuts down

An anti-piracy coalition has dismantled one of India's most popular streaming piracy services, which has provided free access to movies and TV shows to millions over the past two years. [...] https://www.bleepingcomputer.com/news/security/mkvcinemas-streaming-piracy-service-with-142m-visits-shuts-down/ Posted from: this blog via Microsoft Power Automate .

Brave browser starts testing agentic AI mode for automated tasks

Brave has introduced a new AI browsing feature that leverages Leo, its privacy-respecting AI assistant, to perform automated tasks for the user. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/brave-browser-starts-testing-agentic-ai-mode-for-automated-tasks/ Posted from: this blog via Microsoft Power Automate .

Brave browser starts testing agentic AI mode for automated tasks

Brave has introduced a new AI browsing feature that leverages Leo, its privacy-respecting AI assistant, to perform automated tasks for the user. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/brave-browser-starts-testing-agentic-ai-mode-for-automated-tasks/ Posted from: this blog via Microsoft Power Automate .

Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks

Hackers are exploiting a new, undocumented vulnerability in the implementation of the cryptographic algorithm present in Gladinet's CentreStack and Triofox products for secure remote file access and sharing. [...] https://www.bleepingcomputer.com/news/security/hackers-exploit-gladinet-centrestack-cryptographic-flaw-in-rce-attacks/ Posted from: this blog via Microsoft Power Automate .

Notepad++ fixes flaw that let attackers push malicious update files

Notepad++ version 8.8.9 was released to fix a security weakness in its WinGUp update tool after researchers and users reported incidents in which the updater retrieved malicious executables instead of legitimate update packages. [...] https://www.bleepingcomputer.com/news/security/notepad-plus-plus-fixes-flaw-that-let-attackers-push-malicious-update-files/ Posted from: this blog via Microsoft Power Automate .

Malicious VSCode Marketplace extensions hid trojan in fake PNG file

A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with malware hidden inside dependency folders. [...] https://www.bleepingcomputer.com/news/security/malicious-vscode-marketplace-extensions-hid-trojan-in-fake-png-file/ Posted from: this blog via Microsoft Power Automate .

Google fixes eighth Chrome zero-day exploited in attacks in 2025

Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, marking the eighth such security flaw patched since the start of the year. [...] https://www.bleepingcomputer.com/news/security/google-fixes-eighth-chrome-zero-day-exploited-in-attacks-in-2025/ Posted from: this blog via Microsoft Power Automate .

Google ads for shared ChatGPT, Grok guides push macOS infostealer malware

A new AMOS infostealer campaign is abusing Google search ads to lure users into Grok and ChatGPT conversations that appear to offer "helpful" instructions but ultimately lead to installing the AMOS info-stealing malware on macOS. [...] https://www.bleepingcomputer.com/news/security/google-ads-for-shared-chatgpt-grok-guides-push-macos-infostealer-malware/ Posted from: this blog via Microsoft Power Automate .

Google ads for shared ChatGPT, Grok guides push macOS infostealer malware

A new AMOS infostealer campaign is abusing Google search ads to lure users into Grok and ChatGPT conversations that appear to offer "helpful" instructions but ultimately lead to installing the AMOS info-stealing malware on macOS. [...] https://www.bleepingcomputer.com/news/security/google-ads-for-shared-chatgpt-grok-guides-push-macos-infostealer-malware/ Posted from: this blog via Microsoft Power Automate .

New DroidLock malware locks Android devices and demands a ransom

A new Android malware called DroidLock has emerged with capabilities to lock screens for ransom payments, erase data, access text messages, call logs, contacts, and audio data. [...] https://www.bleepingcomputer.com/news/security/new-droidlock-malware-locks-android-devices-and-demands-a-ransom/ Posted from: this blog via Microsoft Power Automate .

New DroidLock malware locks Android devices and demands a ransom

A new Android malware called DroidLock has emerged with capabilities to lock screens for ransom payments, erase data, access text messages, call logs, contacts, and audio data. [...] https://www.bleepingcomputer.com/news/security/new-droidlock-malware-locks-android-devices-and-demands-a-ransom/ Posted from: this blog via Microsoft Power Automate .

Microsoft Teams to warn of suspicious traffic with external domains

Microsoft is working on a new Teams security feature that will analyze suspicious traffic with external domains to help IT administrators tackle potential security threats. [...] https://www.bleepingcomputer.com/news/security/microsoft-teams-to-warn-of-suspicious-traffic-with-external-domains/ Posted from: this blog via Microsoft Power Automate .

Windows PowerShell now warns when running Invoke-WebRequest scripts

Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. [...] https://www.bleepingcomputer.com/news/security/microsoft-windows-powershell-now-warns-when-running-invoke-webrequest-scripts/ Posted from: this blog via Microsoft Power Automate .

Windows PowerShell now warns when running Invoke-WebRequest scripts

Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. [...] https://www.bleepingcomputer.com/news/security/microsoft-windows-powershell-now-warns-when-running-invoke-webrequest-scripts/ Posted from: this blog via Microsoft Power Automate .

Microsoft releases Windows 10 KB5071546 extended security update

Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5071546-extended-security-update/ Posted from: this blog via Microsoft Power Automate .

Microsoft releases Windows 10 KB5071546 extended security update

Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5071546-extended-security-update/ Posted from: this blog via Microsoft Power Automate .

Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws

Microsoft's December 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2025-patch-tuesday-fixes-3-zero-days-57-flaws/ Posted from: this blog via Microsoft Power Automate .

Fortinet warns of critical FortiCloud SSO login auth bypass flaws

Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. [...] https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-forticloud-sso-login-auth-bypass-flaws/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5072033 & KB5071417 cumulative updates released

Microsoft has released Windows 11 KB5072033 and KB5071417 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5072033-and-kb5071417-cumulative-updates-released/ Posted from: this blog via Microsoft Power Automate .

Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws

Microsoft's December 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2025-patch-tuesday-fixes-3-zero-days-57-flaws/ Posted from: this blog via Microsoft Power Automate .

Ransomware IAB abuses EDR for stealthy malware execution

An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware, establish communication, and persistence in preparation for ransomware attacks. [...] https://www.bleepingcomputer.com/news/security/ransomware-iab-abuses-edr-for-stealthy-malware-execution/ Posted from: this blog via Microsoft Power Automate .

Microsoft investigates Copilot outage affecting users in Europe

Microsoft is working to mitigate an ongoing incident that has been blocking users in Europe from accessing the company's AI-powered Copilot digital assistant. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-copilot-outage-affecting-users-in-europe/ Posted from: this blog via Microsoft Power Automate .

Ransomware gangs turn to Shanya EXE packer to hide EDR killers

Several ransomware groups have been spotted using a packer-as-a-service (PaaS) platform named Shanya to assist in EDR (endpoint detection and response) killing operations. [...] https://www.bleepingcomputer.com/news/security/ransomware-gangs-turn-to-shanya-exe-packer-to-hide-edr-killers/ Posted from: this blog via Microsoft Power Automate .

Malicious VSCode extensions on Microsoft's registry drop infostealers

Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing malware that can take screenshots, steal credentials, and hijack browser sessions. [...] https://www.bleepingcomputer.com/news/security/malicious-vscode-extensions-on-microsofts-registry-drop-infostealers/ Posted from: this blog via Microsoft Power Automate .

FinCEN says ransomware gangs extorted over $2.1B from 2022 to 2024

A new report by the Financial Crimes Enforcement Network (FinCEN) shows that ransomware activity peaked in 2023 before falling in 2024, following a series of law enforcement actions targeting the ALPHV/BlackCat and LockBit ransomware gangs. [...] https://www.bleepingcomputer.com/news/security/fincen-says-ransomware-gangs-extorted-over-21b-from-2022-to-2024/ Posted from: this blog via Microsoft Power Automate .

Poland arrests Ukrainians utilizing 'advanced' hacking equipment

The police in Poland arrested three Ukrainian nationals for allegedly attempting to damage IT systems in the country using hacking equipment and for obtaining "computer data of particular importance to national defense." [...] https://www.bleepingcomputer.com/news/security/poland-arrests-ukrainians-utilizing-advanced-hacking-equipment/ Posted from: this blog via Microsoft Power Automate .

Google Chrome adds new security layer for Gemini AI agentic browsing

Google Chrome is introducing a new security architecture designed to protect upcoming agentic AI browsing features powered by Gemini. [...] https://www.bleepingcomputer.com/news/security/google-chrome-adds-new-security-layer-for-gemini-ai-agentic-browsing/ Posted from: this blog via Microsoft Power Automate .

How Agentic BAS AI Turns Threat Headlines Into Defense Strategies

Picus Security explains why relying on LLM-generated attack scripts is risky and how an agentic approach maps real threat intel to safe, validated TTPs. Their breakdown shows how teams can turn headline threats into reliable defense checks without unsafe automation. [...] https://www.bleepingcomputer.com/news/security/how-agentic-bas-ai-turns-threat-headlines-into-defense-strategies/ Posted from: this blog via Microsoft Power Automate .

OpenAI denies rolling out ads on ChatGPT paid plans

ChatGPT is allegedly showing ads to those who pay $20 for the Plus subscription, but OpenAI says this is an app recommendation feature, not an ad. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-denies-rolling-out-ads-on-chatgpt-paid-plans/ Posted from: this blog via Microsoft Power Automate .

OpenAI denies rolling out ads on ChatGPT paid plans

ChatGPT is allegedly showing ads to those who pay $20 for the Plus subscription, but OpenAI says this is an app recommendation feature, not an ad. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/openai-denies-rolling-out-ads-on-chatgpt-paid-plans/ Posted from: this blog via Microsoft Power Automate .

Portugal updates cybercrime law to exempt security researchers

Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions. [...] https://www.bleepingcomputer.com/news/security/portugal-updates-cybercrime-law-to-exempt-security-researchers/ Posted from: this blog via Microsoft Power Automate .

Portugal updates cybercrime law to exempt security researchers

Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions. [...] https://www.bleepingcomputer.com/news/security/portugal-updates-cybercrime-law-to-exempt-security-researchers/ Posted from: this blog via Microsoft Power Automate .

React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable

Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors. [...] https://www.bleepingcomputer.com/news/security/react2shell-flaw-exploited-to-breach-30-orgs-77k-ip-addresses-vulnerable/ Posted from: this blog via Microsoft Power Automate .

New wave of VPN login attempts targets Palo Alto GlobalProtect portals

A campaign has been observed targeting Palo Alto GlobalProtect portals with login attempts and launching scanning activity against SonicWall SonicOS API endpoints. [...] https://www.bleepingcomputer.com/news/security/new-wave-of-vpn-login-attempts-targets-palo-alto-globalprotect-portals/ Posted from: this blog via Microsoft Power Automate .

Barts Health NHS discloses data breach after Oracle zero-day hack

Barts Health NHS Trust has announced that Clop ransomware actors have stolen files from a database by exploiting a vulnerability in its Oracle E-business Suite software. [...] https://www.bleepingcomputer.com/news/security/barts-health-nhs-discloses-data-breach-after-oracle-zero-day-hack/ Posted from: this blog via Microsoft Power Automate .

Barts Health NHS discloses data breach after Oracle zero-day hack

Barts Health NHS Trust has announced that Clop ransomware actors have stolen files from a database by exploiting a vulnerability in its Oracle E-business Suite software. [...] https://www.bleepingcomputer.com/news/security/barts-health-nhs-discloses-data-breach-after-oracle-zero-day-hack/ Posted from: this blog via Microsoft Power Automate .

FBI warns of virtual kidnapping scams using altered social media photos

The FBI warns that criminals are altering images shared on social media and using them as fake proof of life photos in virtual kidnapping ransom scams. [...] https://www.bleepingcomputer.com/news/security/fbi-warns-of-virtual-kidnapping-ransom-scams-using-altered-social-media-photos/ Posted from: this blog via Microsoft Power Automate .

A Practical Guide to Continuous Attack Surface Visibility

Passive scan data goes stale fast as cloud assets shift daily, leaving teams blind to real exposures. Sprocket Security shows how continuous, automated recon gives accurate, up-to-date attack surface visibility. [...] https://www.bleepingcomputer.com/news/security/a-practical-guide-to-continuous-attack-surface-visibility/ Posted from: this blog via Microsoft Power Automate .

EU fines X $140 million over deceptive blue checkmarks

The European Commission has fined X €120 million ($140 million) for violating transparency obligations under the Digital Services Act (DSA). [...] https://www.bleepingcomputer.com/news/security/eu-fines-x-140-million-over-deceptive-blue-checkmarks-transparency-violations/ Posted from: this blog via Microsoft Power Automate .

Cloudflare blames today's outage on emergency React2Shell patch

Cloudflare has blamed today's outage on the emergency patching of a critical React remote code execution vulnerability, which is now actively exploited in attacks. [...] https://www.bleepingcomputer.com/news/security/cloudflare-blames-todays-outage-on-emergency-react2shell-patch/ Posted from: this blog via Microsoft Power Automate .

Predator spyware uses new infection vector for zero-click attacks

The Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed "Aladdin" that compromised specific targets when simply viewing a malicious advertisement. [...] https://www.bleepingcomputer.com/news/security/predator-spyware-uses-new-infection-vector-for-zero-click-attacks/ Posted from: this blog via Microsoft Power Automate .

Russia blocks FaceTime and Snapchat over use in terrorist attacks

Russian telecommunications watchdog Roskomnadzor has blocked access to Apple's FaceTime video conferencing platform and the Snapchat instant messaging service, claiming they're being used to coordinate terrorist attacks. [...] https://www.bleepingcomputer.com/news/security/russia-blocks-facetime-and-snapchat-over-use-in-terrorist-attacks/ Posted from: this blog via Microsoft Power Automate .

CISA warns of Chinese "BrickStorm" malware attacks on VMware servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned network defenders of Chinese hackers backdooring VMware vSphere servers with Brickstorm malware. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-of-chinese-brickstorm-malware-attacks-on-vmware-servers/ Posted from: this blog via Microsoft Power Automate .

Contractors with hacking records accused of wiping 96 govt databases

U.S. prosecutors have charged two Virginia brothers arrested on Wednesday with allegedly conspiring to steal sensitive information and destroy government databases after being fired from their jobs as federal contractors. [...] https://www.bleepingcomputer.com/news/security/contractors-with-hacking-records-accused-of-wiping-96-govt-databases/ Posted from: this blog via Microsoft Power Automate .

Contractors with hacking records accused of wiping 96 govt databases

U.S. prosecutors have charged two Virginia brothers arrested on Wednesday with allegedly conspiring to steal sensitive information and destroy government databases after being fired from their jobs as federal contractors. [...] https://www.bleepingcomputer.com/news/security/contractors-with-hacking-records-accused-of-wiping-96-govt-databases/ Posted from: this blog via Microsoft Power Automate .

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications. [...] https://www.bleepingcomputer.com/news/security/critical-react2shell-flaw-in-react-nextjs-lets-hackers-run-javascript-code/ Posted from: this blog via Microsoft Power Automate .

Russia blocks Roblox over distribution of LGBT "propaganda"

Roskomnadzor, Russia's telecommunications watchdog, has blocked access to the Roblox online gaming platform for failing to stop the distribution of what it described as LGBT propaganda and extremist materials. [...] https://www.bleepingcomputer.com/news/security/russia-blocks-roblox-over-distribution-of-lgbt-propaganda/ Posted from: this blog via Microsoft Power Automate .

Google expands Android scam protection feature to Chase, Cash App in U.S.

Google is expanding support for its Android's in-call scam protection to multiple banks and financial applications in the United States. [...] https://www.bleepingcomputer.com/news/security/google-expands-android-scam-protection-feature-to-chase-cash-app-in-us/ Posted from: this blog via Microsoft Power Automate .

Microsoft "mitigates" Windows LNK flaw exploited as zero-day

Microsoft has silently "mitigated" a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-mitigates-windows-lnk-flaw-exploited-as-zero-day/ Posted from: this blog via Microsoft Power Automate .

Microsoft "mitigates" Windows LNK flaw exploited as zero-day

Microsoft has silently "mitigated" a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-mitigates-windows-lnk-flaw-exploited-as-zero-day/ Posted from: this blog via Microsoft Power Automate .

Deep dive into DragonForce ransomware and its Scattered Spider connection

DragonForce expanded its ransomware operation in 2025 by working with English-speaking hackers known for advanced social engineering and initial access. Acronis explains how the "Scattered Spider" collaboration enables coordinated, multistage intrusions across major environments. [...] https://www.bleepingcomputer.com/news/security/deep-dive-into-dragonforce-ransomware-and-its-scattered-spider-connection/ Posted from: this blog via Microsoft Power Automate .

Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack

In just three months, the massive Aisuru botnet launched more than 1,300 distributed denial-of-service attacks, one of them setting a new record with a peak at 29.7 terabits per second. [...] https://www.bleepingcomputer.com/news/security/aisuru-botnet-behind-new-record-breaking-297-tbps-ddos-attack/ Posted from: this blog via Microsoft Power Automate .

University of Phoenix discloses data breach after Oracle hack

The University of Phoenix (UoPX) has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025. [...] https://www.bleepingcomputer.com/news/security/university-of-phoenix-discloses-data-breach-after-oracle-hack/ Posted from: this blog via Microsoft Power Automate .

Google fixes two Android zero days exploited in attacks, 107 flaws

Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. [...] https://www.bleepingcomputer.com/news/security/google-fixes-two-android-zero-days-exploited-in-attacks-107-flaws/ Posted from: this blog via Microsoft Power Automate .

Google fixes two Android zero days exploited in attacks, 107 flaws

Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. [...] https://www.bleepingcomputer.com/news/security/google-fixes-two-android-zero-days-exploited-in-attacks-107-flaws/ Posted from: this blog via Microsoft Power Automate .

Fake Calendly invites spoof top brands to hijack ad manager accounts

An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials. [...] https://www.bleepingcomputer.com/news/security/fake-calendly-invites-spoof-top-brands-to-hijack-ad-manager-accounts/ Posted from: this blog via Microsoft Power Automate .

Microsoft: KB5070311 triggers File Explorer white flash in dark mode

Microsoft has confirmed that the KB5070311 preview update is triggering bright white flashes when launching the File Explorer in dark mode on Windows 11 systems. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-kb5070311-triggers-file-explorer-bright-white-flashes-in-dark-mode/ Posted from: this blog via Microsoft Power Automate .

University of Pennsylvania confirms new data breach after Oracle hack

​The University of Pennsylvania (Penn) has confirmed a new data breach after attackers stole documents containing personal information from its Oracle E-Business Suite servers in August. [...] https://www.bleepingcomputer.com/news/security/university-of-pennsylvania-confirms-data-theft-after-oracle-ebs-hack/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5070311 update fixes File Explorer freezes, search issues

​​Microsoft has released the KB5070311 preview cumulative update for Windows 11 systems, which includes 49 changes, including fixes for File Explorer freezes and search issues. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5070311-update-fixes-file-explorer-freezes-search-issues/ Posted from: this blog via Microsoft Power Automate .

When Hackers Wear Suits: Protecting Your Team from Insider Cyber Threats

Hackers impersonate IT pros with deepfakes, fake resumes, and stolen identities, turning hiring pipelines into insider threats. Huntres sLabs explains how stronger vetting and access controls help stop these threats. [...] https://www.bleepingcomputer.com/news/security/when-hackers-wear-suits-protecting-your-team-from-insider-cyber-threats/ Posted from: this blog via Microsoft Power Automate .

ShadyPanda browser extensions amass 4.3M installs in malicious campaign

A long-running malware operation known as "ShadyPanda" has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware. [...] https://www.bleepingcomputer.com/news/security/shadypanda-browser-extensions-amass-43m-installs-in-malicious-campaign/ Posted from: this blog via Microsoft Power Automate .

Google deletes X post after getting caught using a ‘stolen’ AI recipe infographic

Google is facing backlash on X after a viral post for its NotebookLM appeared to use a food blogger's work without credit. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/google-deletes-x-post-after-getting-caught-using-a-stolen-ai-recipe-infographic/ Posted from: this blog via Microsoft Power Automate .

Google deletes X post after getting caught using a ‘stolen’ AI recipe infographic

Google is facing backlash on X after a viral post for its NotebookLM appeared to use a food blogger's work without credit. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/google-deletes-x-post-after-getting-caught-using-a-stolen-ai-recipe-infographic/ Posted from: this blog via Microsoft Power Automate .

Police takes down Cryptomixer cryptocurrency mixing service

Law enforcement officers from Switzerland and Germany have taken down the Cryptomixer cryptocurrency-mixing service, believed to have helped cybercriminals launder stolen funds. [...] https://www.bleepingcomputer.com/news/security/police-takes-down-cryptomixer-cryptocurrency-mixing-service/ Posted from: this blog via Microsoft Power Automate .

Police takes down Cryptomixer cryptocurrency mixing service

Law enforcement officers from Switzerland and Germany have taken down the Cryptomixer cryptocurrency-mixing service, believed to have helped cybercriminals launder stolen funds. [...] https://www.bleepingcomputer.com/news/security/police-takes-down-cryptomixer-cryptocurrency-mixing-service/ Posted from: this blog via Microsoft Power Automate .