Posts

Showing posts from June, 2026

Anthropic to restore Claude Fable access on Wednesday

Anthropic has confirmed that the Department of Commerce has lifted export controls on Claude's two most powerful models, Fable 5 and Mythos 5. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/anthropic-to-restore-claude-fable-access-on-wednesday/ Posted from: this blog via Microsoft Power Automate .

Anthropic to restore Claude Fable access on Wednesday

Anthropic has confirmed that the Department of Commerce has lifted export controls on Claude's two most powerful models, Fable 5 and Mythos 5. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/anthropic-to-restore-claude-fable-access-on-wednesday/ Posted from: this blog via Microsoft Power Automate .

New BioShocking attack manipulates AI browser into data theft

A new prompt injection attack dubbed "BioShocking" could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety guardrails. [...] https://www.bleepingcomputer.com/news/security/new-bioshocking-attack-manipulates-ai-browser-into-data-theft/ Posted from: this blog via Microsoft Power Automate .

New BioShocking attack manipulates AI browser into data theft

A new prompt injection attack dubbed "BioShocking" could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety guardrails. [...] https://www.bleepingcomputer.com/news/security/new-bioshocking-attack-manipulates-ai-browser-into-data-theft/ Posted from: this blog via Microsoft Power Automate .

Microsoft accelerates quantum-safe roadmap as risks grow

Microsoft announced today that it is accelerating its quantum-safe security roadmap, saying advances in quantum computing are bringing the need to replace today's encryption standards sooner than previously expected. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-accelerates-quantum-safe-roadmap-as-risks-grow/ Posted from: this blog via Microsoft Power Automate .

Malicious PyPI packages give hackers control of Telegram bot servers

A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram forks that allow attackers to read arbitrary files on compromised servers. [...] https://www.bleepingcomputer.com/news/security/malicious-pypi-packages-give-hackers-control-of-telegram-bot-servers/ Posted from: this blog via Microsoft Power Automate .

Microsoft accelerates quantum-safe roadmap as risks grow

Microsoft announced today that it is accelerating its quantum-safe security roadmap, saying advances in quantum computing are bringing the need to replace today's encryption standards sooner than previously expected. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-accelerates-quantum-safe-roadmap-as-risks-grow/ Posted from: this blog via Microsoft Power Automate .

Fake Perplexity extension on Chrome Web Store tracked searches

A malicious extension in the Chrome Web Store is masquerading as the Perplexity AI answer engine, intercepting search traffic and collecting browsing information. [...] https://www.bleepingcomputer.com/news/security/fake-perplexity-extension-on-chrome-web-store-tracked-searches/ Posted from: this blog via Microsoft Power Automate .

Fake Perplexity extension on Chrome Web Store tracked searches

A malicious extension in the Chrome Web Store is masquerading as the Perplexity AI answer engine, intercepting search traffic and collecting browsing information. [...] https://www.bleepingcomputer.com/news/security/fake-perplexity-extension-on-chrome-web-store-tracked-searches/ Posted from: this blog via Microsoft Power Automate .

WhatsApp rolls out usernames to help users hide their phone number

WhatsApp is finally allowing users to reserve usernames, a privacy feature that lets them hide their phone numbers from people not in their contact list. [...] https://www.bleepingcomputer.com/news/security/whatsapp-rolls-out-usernames-to-help-users-hide-their-phone-number/ Posted from: this blog via Microsoft Power Automate .

Microsoft extends Windows Server 2022 hotpatching until October 2027

Microsoft has extended Windows Server 2022 hotpatching until October 2027, one year after the mainstream end date of October 2026. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-extends-windows-server-2022-hotpatching-until-october-2027/ Posted from: this blog via Microsoft Power Automate .

Microsoft extends Windows Server 2022 hotpatching until October 2027

Microsoft has extended Windows Server 2022 hotpatching until October 2027, one year after the mainstream end date of October 2026. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-extends-windows-server-2022-hotpatching-until-october-2027/ Posted from: this blog via Microsoft Power Automate .

U.S. offers $10 million for hackers targeting WhatsApp, Signal users

The U.S. Department of State is offering up to $10 million for information that helps identify or locate members of the UNC5792 and UNC4221 hacker groups, which are linked to Russia's intelligence and military services. [...] https://www.bleepingcomputer.com/news/security/us-offers-10-million-for-hackers-targeting-whatsapp-signal-users/ Posted from: this blog via Microsoft Power Automate .

U.S. offers $10 million for hackers targeting WhatsApp, Signal users

The U.S. Department of State is offering up to $10 million for information that helps identify or locate members of the UNC5792 and UNC4221 hacker groups, which are linked to Russia's intelligence and military services. [...] https://www.bleepingcomputer.com/news/security/us-offers-10-million-for-hackers-targeting-whatsapp-signal-users/ Posted from: this blog via Microsoft Power Automate .

U.S. offers $10 million for hackers targeting WhatsApp, Signal users

The U.S. Department of State is offering up to $10 million for information that helps identify or locate members of the UNC5792 and UNC4221 hacker groups, which are linked to Russia's intelligence and military services. [...] https://www.bleepingcomputer.com/news/security/us-offers-10-million-for-hackers-targeting-whatsapp-signal-users/ Posted from: this blog via Microsoft Power Automate .

Agentic AI Has an Identity Problem and Attackers Know It

AI agents can access data, trigger workflows, and take action across enterprise systems. Token Security explains why governing these privileged identities is becoming essential for enterprise security. [...] https://www.bleepingcomputer.com/news/security/agentic-ai-has-an-identity-problem-and-attackers-know-it/ Posted from: this blog via Microsoft Power Automate .

Critical SimpleHelp flaw exploited to deploy new stealer malware

Hackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously undocumented cross-platform information stealer targeting Windows, macOS, and Linux. [...] https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-simplehelp-flaw-deploy-new-djinn-infostealer-taskweaver-malware/ Posted from: this blog via Microsoft Power Automate .

Hackers now exploit critical Oracle E-Business flaw in attacks

Attackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused. [...] https://www.bleepingcomputer.com/news/security/new-oracle-e-business-suite-flaw-now-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Webinar: Why business email compromise attacks keep succeeding

Business email compromise attacks increasingly rely on convincing impersonation rather than malware, making them harder for employees and traditional email defenses to detect. This webinar explores how behavioral AI can help identify sophisticated email threats and automate response workflows. [...] https://www.bleepingcomputer.com/news/security/webinar-why-business-email-compromise-attacks-keep-succeeding/ Posted from: this blog via Microsoft Power Automate .

US seizes hundreds of FIFA World Cup illegal streaming domains

The U.S. Justice Department's Criminal Division has seized nearly 400 web domains used for illegally streaming matches at the FIFA World Cup. [...] https://www.bleepingcomputer.com/news/security/us-seizes-hundreds-of-fifa-world-cup-illegal-streaming-domains/ Posted from: this blog via Microsoft Power Automate .

Data breach exposes up to 14.2 million email logins at six ISPs

Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country. [...] https://www.bleepingcomputer.com/news/security/data-breach-exposes-up-to-142-million-email-logins-at-six-isps/ Posted from: this blog via Microsoft Power Automate .

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning a seemingly benign GitHub repository could execute a malicious payload that is invisible to both security agents and human reviewers. [...] https://www.bleepingcomputer.com/news/security/clean-github-repo-tricks-ai-coding-agents-into-running-malware/ Posted from: this blog via Microsoft Power Automate .

FBI: Russian hackers now target Signal backup recovery keys

The FBI and CISA are warning that a phishing campaign targeting Signal users tied to Russian intelligence services has evolved to steal Signal Backup Recovery Keys, allowing attackers to access victims' historical messages. [...] https://www.bleepingcomputer.com/news/security/fbi-russian-hackers-now-target-signal-backup-recovery-keys/ Posted from: this blog via Microsoft Power Automate .

CISA sets urgent deadline to fix Cisco flaw exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco Unified Communications Manager Server that is being actively exploited. [...] https://www.bleepingcomputer.com/news/security/cisa-sets-urgent-deadline-to-fix-cisco-flaw-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Polymarket customers lose $3 million in supply-chain attack

Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform's frontend following a breach at a third-party vendor. [...] https://www.bleepingcomputer.com/news/security/polymarket-customers-lose-3-million-in-supply-chain-attack/ Posted from: this blog via Microsoft Power Automate .

Cybersecurity firms targeted by fraudulent OpenAI organization invites

Threat actors are creating OpenAI tenants that impersonate legitimate companies and inviting employees to join them, in what appears to be a ploy to trick targets into submitting sensitive company information in chats and projects. [...] https://www.bleepingcomputer.com/news/security/cybersecurity-firms-targeted-by-fraudulent-openai-organization-invites/ Posted from: this blog via Microsoft Power Automate .

Polymarket customers lose $3 million in supply-chain attack

Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform's frontend following a breach at a third-party vendor. [...] https://www.bleepingcomputer.com/news/security/polymarket-customers-lose-3-million-in-supply-chain-attack/ Posted from: this blog via Microsoft Power Automate .

Order-tracking app Shop abused to push callback phishing attacks

Threat actors are increasingly abusing Shop, the order-tracking app from Shopify, by adding fake purchase receipts in users' order histories to trick them into providing sensitive data or installing remote access software. [...] https://www.bleepingcomputer.com/news/security/order-tracking-app-shop-abused-to-push-callback-phishing-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft quietly extends free Windows 10 ESU support to October 2027

Microsoft has quietly extended its free Windows 10 Extended Security Updates (ESU) program for consumers by an additional year, allowing enrolled devices to continue receiving security updates until October 12, 2027. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-quietly-extends-free-windows-10-esu-support-to-october-2027/ Posted from: this blog via Microsoft Power Automate .

Microsoft quietly extends free Windows 10 ESU support to October 2027

Microsoft has quietly extended its free Windows 10 Extended Security Updates (ESU) program for consumers by an additional year, allowing enrolled devices to continue receiving security updates until October 12, 2027. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-quietly-extends-free-windows-10-esu-support-to-october-2027/ Posted from: this blog via Microsoft Power Automate .

New macOS malware embeds fake errors to confuse AI analysis tools

A newly discovered macOS malware dubbed "Gaslight" is designed to confuse AI-assisted malware analysis tools by hiding prompt injection strings and fake debugging data within the executable. [...] https://www.bleepingcomputer.com/news/security/new-macos-malware-embeds-fake-errors-to-confuse-ai-analysis-tools/ Posted from: this blog via Microsoft Power Automate .

PirloTV sports piracy network disrupted as 44 domains seized

A major sports piracy ring linked to the illegal PirloTV streaming platform has been disrupted in an action that targeted 44 domains. [...] https://www.bleepingcomputer.com/news/security/pirlotv-sports-piracy-network-disrupted-as-44-domains-seized/ Posted from: this blog via Microsoft Power Automate .

Bluekit phishing kit adopts browser-in-the-middle for login theft

The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and by adding browser-in-the-middle capabilities for improved data theft. [...] https://www.bleepingcomputer.com/news/security/bluekit-phishing-kit-adopts-browser-in-the-middle-for-login-theft/ Posted from: this blog via Microsoft Power Automate .

Google releases new privacy controls for activity history, personalization

Google is rolling out new privacy controls for Search services and Google Play, giving you more control over saved history and personalized recommendations. [...] https://www.bleepingcomputer.com/news/google/google-releases-new-privacy-controls-for-activity-history-personalization/ Posted from: this blog via Microsoft Power Automate .

Google releases new privacy controls for activity history, personalization

Google is rolling out new privacy controls for Search services and Google Play, giving you more control over saved history and personalized recommendations. [...] https://www.bleepingcomputer.com/news/google/google-releases-new-privacy-controls-for-activity-history-personalization/ Posted from: this blog via Microsoft Power Automate .

DraftKings hacker 'Snoopy' sentenced to 18 months in prison

A 21-year-old using the alias "Snoopy" was sentenced to 18 months in prison for his role in hacking DraftKings accounts in the November 2022 cyberattack. [...] https://www.bleepingcomputer.com/news/security/draftkings-hacker-snoopy-sentenced-to-18-months-in-prison/ Posted from: this blog via Microsoft Power Automate .

DraftKings hacker 'Snoopy' sentenced to 18 months in prison

A 21-year-old using the alias "Snoopy" was sentenced to 18 months in prison for his role in hacking DraftKings accounts in the November 2022 cyberattack. [...] https://www.bleepingcomputer.com/news/security/draftkings-hacker-snoopy-sentenced-to-18-months-in-prison/ Posted from: this blog via Microsoft Power Automate .

Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access

New details have been revealed on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to create rogue root accounts on targeted devices. [...] https://www.bleepingcomputer.com/news/security/mandiant-reveals-how-cisco-sd-wan-zero-day-attacks-gained-root-access/ Posted from: this blog via Microsoft Power Automate .

Malicious Edge extension abuses Native Messaging as bridge to malware

A malicious Microsoft Edge extension dubbed 'Edgecution' has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. [...] https://www.bleepingcomputer.com/news/security/malicious-edge-extension-abuses-native-messaging-as-bridge-to-malware/ Posted from: this blog via Microsoft Power Automate .

Amadey, StealC malware operations disrupted in Operation Endgame action

Microsoft, Europol, and international partners have disrupted infrastructure used by the Amadey and StealC malware operations as part of Operation Endgame, which targets cybercriminal services and ransomware gangs. [...] https://www.bleepingcomputer.com/news/security/amadey-stealc-malware-operations-disrupted-in-operation-endgame-action/ Posted from: this blog via Microsoft Power Automate .

CISA warns of max severity Ubiquiti flaws exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquity UniFi OS and Lantronix serial-to-ethernet servers. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-of-max-severity-ubiquiti-flaws-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5095093 update rolls out new Point-in-Time restore feature

​​Microsoft has released the KB5095093 preview cumulative update for Windows 11 24H2 and 25H2, which fixes numerous bugs and begins rolling out new features, including the new Point-in-Time restore feature. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5095093-update-rolls-out-new-point-in-time-restore-feature/ Posted from: this blog via Microsoft Power Automate .

Healthtech firm Xolis suffers data breach impacting 1.4 million people

Healthcare technology company Xsolis says that sensitive data belonging to nearly 1.4 million individuals was compromised in a phishing attack that gave attackers access to its network. [...] https://www.bleepingcomputer.com/news/security/healthtech-firm-xolis-suffers-data-breach-impacting-14-million-people/ Posted from: this blog via Microsoft Power Automate .

Healthtech firm Xolis suffers data breach impacting 1.4 million people

Healthcare technology company Xsolis says that sensitive data belonging to nearly 1.4 million individuals was compromised in a phishing attack that gave attackers access to its network. [...] https://www.bleepingcomputer.com/news/security/healthtech-firm-xolis-suffers-data-breach-impacting-14-million-people/ Posted from: this blog via Microsoft Power Automate .

New macOS ClickFix attack silently mounts DMGs to push infostealer

A new macOS ClickFix campaign is using Terminal commands to silently download, mount, and launch info-stealing malware from malicious disk image (DMG) files. [...] https://www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/ Posted from: this blog via Microsoft Power Automate .

New macOS ClickFix attack silently mounts DMGs to push infostealer

A new macOS ClickFix campaign is using Terminal commands to silently download, mount, and launch info-stealing malware from malicious disk image (DMG) files. [...] https://www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/ Posted from: this blog via Microsoft Power Automate .

Scattered Spider members plead guilty to hacking Transport for London

Two members of the 'Scattered Spider' cybercrime group pleaded guilty to hacking the Transport for London (TfL) systems in 2024. [...] https://www.bleepingcomputer.com/news/security/scattered-spider-members-plead-guilty-to-hacking-transport-for-london/ Posted from: this blog via Microsoft Power Automate .

JaredFromSubway MEV bot hacked in $15 million crypto theft

The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading opportunities. [...] https://www.bleepingcomputer.com/news/security/jaredfromsubway-mev-bot-hacked-in-15-million-crypto-theft/ Posted from: this blog via Microsoft Power Automate .

FFmpeg fixes PixelSmash flaw in widely used video decoder

A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under certain conditions, and can also trigger a denial-of-service  condition in applications like Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio. [...] https://www.bleepingcomputer.com/news/security/ffmpeg-fixes-pixelsmash-flaw-in-widely-used-video-decoder/ Posted from: this blog via Microsoft Power Automate .

FortiBleed campaign used custom FortiGate sniffer to steal credentials

Security firm SOCRadar says the large-scale FortiBleed campaign targeting Fortinet FortiGate devices used custom sniffers to harvest authentication secrets from compromised firewalls and steal credentials. [...] https://www.bleepingcomputer.com/news/security/fortibleed-campaign-used-custom-fortigate-sniffer-to-steal-credentials/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system simply by visiting a malicious webpage. [...] https://www.bleepingcomputer.com/news/security/microsoft-fixes-autogen-studio-flaw-that-enabled-code-execution/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system simply by visiting a malicious webpage. [...] https://www.bleepingcomputer.com/news/security/microsoft-fixes-autogen-studio-flaw-that-enabled-code-execution/ Posted from: this blog via Microsoft Power Automate .

Microsoft says Windows 11 26H2 is coming soon, details upgrade process

Microsoft has confirmed that Windows 11 version 26H2 will be the next feature update and that devices running Windows 11 24H2 and 25H2 will be able to upgrade using a small enablement package. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-says-windows-11-26h2-is-coming-soon-details-upgrade-process/ Posted from: this blog via Microsoft Power Automate .

A Glimpse into the “Search Your Target” Market for Stolen Credentials

Attackers no longer need to sift through massive credential dumps. They can pay others to do it for them. Flare explores how an emerging underground market searches stolen credential databases for specific companies, domains, and accounts. [...] https://www.bleepingcomputer.com/news/security/a-glimpse-into-the-search-your-target-market-for-stolen-credentials/ Posted from: this blog via Microsoft Power Automate .

AryStinger botnet infected thousands of D-Link routers worldwide

A previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated routers to turn them into proxies for malicious traffic. [...] https://www.bleepingcomputer.com/news/security/arystinger-botnet-infected-thousands-of-d-link-routers-worldwide/ Posted from: this blog via Microsoft Power Automate .

New Prinz Eugen ransomware prioritizes recent files for encryption

A new ransomware operation named 'Prinz Eugen' prioritizes recently modified files for encryption and leaves no ransom note on the system. [...] https://www.bleepingcomputer.com/news/security/new-prinz-eugen-ransomware-prioritizes-recent-files-for-encryption/ Posted from: this blog via Microsoft Power Automate .

Microsoft links Mastra AI supply chain attack to North Korean hackers

Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. [...] https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/ Posted from: this blog via Microsoft Power Automate .

Klue OAuth breach victim list grows as Icarus hackers claim attack

Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers' Salesforce environments, as the new "Icarus" extortion group publicly claims the attack. [...] https://www.bleepingcomputer.com/news/security/klue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack/ Posted from: this blog via Microsoft Power Automate .

Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin

Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. [...] https://www.bleepingcomputer.com/news/security/hackers-exploit-info-disclosure-bug-in-gravity-smtp-wordpress-plugin/ Posted from: this blog via Microsoft Power Automate .

Texas govt data breach exposes over 3 million driver’s licenses

The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its license system vendor that exposed personal information for more than three million individuals. [...] https://www.bleepingcomputer.com/news/security/texas-govt-data-breach-exposes-over-3-million-drivers-licenses/ Posted from: this blog via Microsoft Power Automate .

CISA warns Fortinet users to secure devices after FortiBleed leak

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged Fortinet customers to secure their devices after nearly 74,000 firewall and VPN credentials were exposed in a data leak dubbed "FortiBleed." [...] https://www.bleepingcomputer.com/news/security/cisa-warns-fortinet-users-to-secure-devices-after-fortibleed-leak/ Posted from: this blog via Microsoft Power Automate .

Gentlemen ransomware uses multiple EDR killers to disable defenses

The Gentlemen ransomware-as-a-service (RaaS) is actively developing and maintaining a suite of endpoint detection and response (EDR) killers to help affiliates evade detection in attacks. [...] https://www.bleepingcomputer.com/news/security/gentlemen-ransomware-uses-multiple-edr-killers-to-disable-defenses/ Posted from: this blog via Microsoft Power Automate .

Nintendo confirms data stolen in WebMD subsidiary cyberattack

Nintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the third-party TinyPulse service used internally, but its systems were not compromised. [...] https://www.bleepingcomputer.com/news/security/nintendo-confirms-data-stolen-in-webmd-subsidiary-cyberattack/ Posted from: this blog via Microsoft Power Automate .

USB worm spreads crypto-stealing malware via Windows shortcut files

Threat actors targeting cryptocurrency wallets have been distributing clipboard-stealing malware with self-spreading capabilities and using the Tor network to conceal communication. [...] https://www.bleepingcomputer.com/news/security/usb-worm-spreads-crypto-stealing-malware-via-windows-shortcut-files/ Posted from: this blog via Microsoft Power Automate .

USB worm spreads crypto-stealing malware via Windows shortcut files

Threat actors targeting cryptocurrency wallets have been distributing clipboard-stealing malware with self-spreading capabilities and using the Tor network to conceal communication. [...] https://www.bleepingcomputer.com/news/security/usb-worm-spreads-crypto-stealing-malware-via-windows-shortcut-files/ Posted from: this blog via Microsoft Power Automate .

Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks

Market intelligence platform Klue suffered a OAuth breach that enabled the "Icarus" threat actors to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign. [...] https://www.bleepingcomputer.com/news/security/klue-oauth-breach-linked-to-icarus-salesforce-data-theft-attacks/ Posted from: this blog via Microsoft Power Automate .

F5 issues out-of-band patches for critical NGINX vulnerabilities

Cybersecurity company F5 has released out-of-band security updates to address multiple NGINX web server vulnerabilities, including two critical-severity flaws that could allow attackers to execute code on vulnerable systems. [...] https://www.bleepingcomputer.com/news/security/f5-issues-out-of-band-patches-for-critical-nginx-vulnerabilities/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes Windows Server 2016 security update failures

Microsoft has fixed a known issue causing the June 2026 security updates to fail on Windows Server 2016 systems that weren't up to date. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-2016-security-update-failures/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes Windows Server 2016 security update failures

Microsoft has fixed a known issue causing the June 2026 security updates to fail on Windows Server 2016 systems that weren't up to date. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-2016-security-update-failures/ Posted from: this blog via Microsoft Power Automate .

Leak confirms OpenAI is testing a ChatGPT for Science subscription

OpenAI appears to be testing a new subscription and experience for science use cases, but it's unclear if it'll be available to everyone regardless of their background. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/leak-confirms-openai-is-testing-a-chatgpt-for-science-subscription/ Posted from: this blog via Microsoft Power Automate .

Leak confirms OpenAI is testing a ChatGPT for Science subscription

OpenAI appears to be testing a new subscription and experience for science use cases, but it's unclear if it'll be available to everyone regardless of their background. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/leak-confirms-openai-is-testing-a-chatgpt-for-science-subscription/ Posted from: this blog via Microsoft Power Automate .

Google to use UK and EU user IP addresses for ad personalization

From August 3, 2026, Google will use IP addresses from UK, EEA and Switzerland users for ad measurement and personalization. It lands as the ICO weighs new consent rules, and years after Google itself called using such signals to identify devices "wrong." [...] https://www.bleepingcomputer.com/news/security/google-to-use-uk-and-eu-user-ip-addresses-for-ad-personalization/ Posted from: this blog via Microsoft Power Automate .

FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.

A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. [...] https://www.bleepingcomputer.com/news/security/fortibleed-leak-exposes-fortinet-vpn-credentials-for-73-000-devices/ Posted from: this blog via Microsoft Power Automate .

Malicious JetBrains Marketplace plugins steal AI API keys from developers

At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. [...] https://www.bleepingcomputer.com/news/security/malicious-jetbrains-marketplace-plugins-steal-ai-api-keys-from-developers/ Posted from: this blog via Microsoft Power Automate .

New Rokarolla Android malware targets 217 banking, crypto apps

A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 137 commands. [...] https://www.bleepingcomputer.com/news/security/new-rokarolla-android-malware-targets-217-banking-crypto-apps/ Posted from: this blog via Microsoft Power Automate .

New Rokarolla Android malware targets 217 banking, crypto apps

A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 137 commands. [...] https://www.bleepingcomputer.com/news/security/new-rokarolla-android-malware-targets-217-banking-crypto-apps/ Posted from: this blog via Microsoft Power Automate .

Steam Workshop abused to spread malware via Wallpaper Engine app

Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wallpaper packages. [...] https://www.bleepingcomputer.com/news/security/steam-workshop-abused-to-spread-malware-via-wallpaper-engine-app/ Posted from: this blog via Microsoft Power Automate .

UK to require ID or face scan before you can make social media accounts

Opening a new social media account in the UK will soon mean proving you're over 16 with an ID upload or a facial age scan, under a government ban on under-16s taking effect in spring 2027. Security experts warn the age checks are easy to circumvent and create new data-breach risks. [...] https://www.bleepingcomputer.com/news/security/uk-to-require-id-or-face-scan-before-you-can-make-social-media-accounts/ Posted from: this blog via Microsoft Power Automate .

GhostTree Attack Abused Recursive Windows Junctions to Hide Malware

GhostTree uses recursive NTFS junctions to generate vast numbers of valid Windows file paths. Varonis explains how the technique could cause Microsoft Defender folder scans to never complete, leaving malware undetected. [...] https://www.bleepingcomputer.com/news/security/ghosttree-attack-abused-recursive-windows-junctions-to-hide-malware/ Posted from: this blog via Microsoft Power Automate .

DOJ seizes CFAKE, SOCFAKE deepfake nude sites under TAKE IT DOWN Act

This summary is not available. Please click here to view the post.

DOJ seizes CFAKE, SOCFAKE deepfake nude sites under TAKE IT DOWN Act

This summary is not available. Please click here to view the post.

SimpleHelp bug lets hackers create rogue remote support accounts

A vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on servers using the OpenID Connect (OIDC) authentication protocol. [...] https://www.bleepingcomputer.com/news/security/simplehelp-bug-lets-hackers-create-rogue-remote-support-accounts/ Posted from: this blog via Microsoft Power Automate .

Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks

Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileges. [...] https://www.bleepingcomputer.com/news/security/cisco-fixes-sd-wan-vmanage-flaw-exploited-in-zero-day-attacks/ Posted from: this blog via Microsoft Power Automate .

OptinMonster WordPress plugin hacked in CDN supply-chain attack

WordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awesome Motive-s content distribution network (CDN). [...] https://www.bleepingcomputer.com/news/security/optinmonster-wordpress-plugin-hacked-in-cdn-supply-chain-attack/ Posted from: this blog via Microsoft Power Automate .

Council of Europe investigates ShinyHunters data breach claims

The Council of Europe, the continent's oldest intergovernmental body, is probing claims of a data breach made by the ShinyHunters extortion group over the weekend. [...] https://www.bleepingcomputer.com/news/security/council-of-europe-investigates-shinyhunters-data-breach-claims/ Posted from: this blog via Microsoft Power Automate .

FBI: Fraudsters use couriers to steal money in crypto scams

The U.S. Federal Bureau of Investigation (FBI) warned that criminals are using couriers to collect money from victims of cryptocurrency investment scams, also known as pig butchering or romance baiting. [...] https://www.bleepingcomputer.com/news/security/fbi-fraudsters-use-couriers-to-steal-money-in-crypto-scams/ Posted from: this blog via Microsoft Power Automate .

New attack turned Microsoft 365 Copilot into 1-click data theft tool

A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL. [...] https://www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-365-copilot-into-1-click-data-theft-tool/ Posted from: this blog via Microsoft Power Automate .

Webinar: How behavioral AI stops phishing and account takeovers

Modern phishing, BEC, and account takeover attacks increasingly bypass traditional email defenses and create operational strain for security teams. This webinar explores how behavioral AI can help automate detection, investigation, and remediation to reduce alert fatigue and accelerate response times. [...] https://www.bleepingcomputer.com/news/security/webinar-how-behavioral-ai-stops-phishing-and-account-takeovers/ Posted from: this blog via Microsoft Power Automate .

Infinite Campus data breach affects 137,000 school staff accounts

The ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March. [...] https://www.bleepingcomputer.com/news/security/infinite-campus-data-breach-affects-137-000-school-staff-accounts/ Posted from: this blog via Microsoft Power Automate .

FBI disrupts massive AI-powered phishing service using a million URLs

In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords. [...] https://www.bleepingcomputer.com/news/security/fbi-disrupts-massive-ai-powered-phishing-service-using-a-million-urls/ Posted from: this blog via Microsoft Power Automate .

FBI disrupts massive AI-powered phishing service using a million URLs

In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords. [...] https://www.bleepingcomputer.com/news/security/fbi-disrupts-massive-ai-powered-phishing-service-using-a-million-urls/ Posted from: this blog via Microsoft Power Automate .

FBI disrupts massive AI-powered phishing service using a million URLs

In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords. [...] https://www.bleepingcomputer.com/news/security/fbi-disrupts-massive-ai-powered-phishing-service-using-a-million-urls/ Posted from: this blog via Microsoft Power Automate .

Ex-school district employee jailed for hacks on former employer

A former  IT employee at an Iowa school district was sentenced to 21 months in prison after conducting a prolonged cyberattack against the former employer that disrupted classroom operations, deleted accounts, and caused tens of thousands of dollars in damages. [...] https://www.bleepingcomputer.com/news/security/ex-school-district-employee-jailed-for-hacks-on-former-employer/ Posted from: this blog via Microsoft Power Automate .

Chinese hackers hijack auth flow, spy on isolated network for a decade

Chinese hackers took control of a target organization's authentication stack and maintained persistence for 10 years, with full visibility into the administrative activity. [...] https://www.bleepingcomputer.com/news/security/chinese-hackers-hijack-auth-flow-spy-on-isolated-network-for-a-decade/ Posted from: this blog via Microsoft Power Automate .

US Gov asks Anthropic to ban 'foreign national' access to Fable, Mythos

The US government has ordered Anthropic to block all foreign nationals from accessing Fable 5 and Mythos 5, forcing the company to suspend both models worldwide. Anthropic is complying but disputes the basis, calling the cited jailbreak narrow and the capability widely available elsewhere. [...] https://www.bleepingcomputer.com/news/security/us-gov-asks-anthropic-to-ban-foreign-national-access-to-fable-mythos/ Posted from: this blog via Microsoft Power Automate .

Maine disables data breach notification portal after fake disclosures

Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review of procedures to prevent abuse in the future. [...] https://www.bleepingcomputer.com/news/security/maine-disables-data-breach-notification-portal-after-fake-disclosures/ Posted from: this blog via Microsoft Power Automate .

phpBB forum fixes auth bypass bug lurking for a decade

A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. [...] https://www.bleepingcomputer.com/news/security/phpbb-forum-fixes-auth-bypass-bug-lurking-for-a-decade/ Posted from: this blog via Microsoft Power Automate .

Ukrainian national pleads guilty to role in Conti ransomware operation

A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. [...] https://www.bleepingcomputer.com/news/security/ukrainian-national-pleads-guilty-to-role-in-conti-ransomware-operation/ Posted from: this blog via Microsoft Power Automate .

Over 400 Arch Linux packages compromised to push rootkit, infostealer

More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. [...] https://www.bleepingcomputer.com/news/security/over-400-arch-linux-packages-compromised-to-push-rootkit-infostealer/ Posted from: this blog via Microsoft Power Automate .

Early Warning Signs of Supply-Chain Attacks Live in the Dark Web

GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk. [...] https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/ Posted from: this blog via Microsoft Power Automate .

Japanese energy firm loses drive with data of 10.9 million clients

Kyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers. [...] https://www.bleepingcomputer.com/news/security/japanese-energy-firm-loses-drive-with-data-of-109-million-clients/ Posted from: this blog via Microsoft Power Automate .

Maine breach portal abused to publish fake data breach disclosures

In an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine's official breach portal and publicly posted before their legitimacy could be verified, prompting companies to deny the claims. [...] https://www.bleepingcomputer.com/news/security/maine-breach-portal-abused-to-publish-fake-data-breach-disclosures/ Posted from: this blog via Microsoft Power Automate .

Maine breach portal abused to publish fake data breach disclosures

In an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine's official breach portal and publicly posted before their legitimacy could be verified, prompting companies to deny the claims. [...] https://www.bleepingcomputer.com/news/security/maine-breach-portal-abused-to-publish-fake-data-breach-disclosures/ Posted from: this blog via Microsoft Power Automate .

Oracle mitigates PeopleSoft zero-day exploited in data theft attacks

Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. [...] https://www.bleepingcomputer.com/news/security/oracle-mitigates-peoplesoft-zero-day-exploited-in-data-theft-attacks/ Posted from: this blog via Microsoft Power Automate .

Authorities dismantle 'AudiA6' ransomware crypto-laundering service

Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. [...] https://www.bleepingcomputer.com/news/legal/authorities-dismantle-audia6-ransomware-crypto-laundering-service/ Posted from: this blog via Microsoft Power Automate .

Authorities dismantle 'AudiA6' ransomware crypto-laundering service

Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. [...] https://www.bleepingcomputer.com/news/legal/authorities-dismantle-audia6-ransomware-crypto-laundering-service/ Posted from: this blog via Microsoft Power Automate .

Path traversal flaw in AI dev platform Langflow exploited in attacks

Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. [...] https://www.bleepingcomputer.com/news/security/path-traversal-flaw-in-ai-dev-platform-langflow-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

The ‘Miasma’ worm source code briefly leaked on GitHub

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...] https://www.bleepingcomputer.com/news/security/the-miasma-worm-source-code-briefly-leaked-on-github/ Posted from: this blog via Microsoft Power Automate .

GitHub announces npm security changes to tackle supply-chain attacks

GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the 'npm install' command. [...] https://www.bleepingcomputer.com/news/security/github-announces-npm-security-changes-to-tackle-supply-chain-attacks/ Posted from: this blog via Microsoft Power Automate .

Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks

Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. [...] https://www.bleepingcomputer.com/news/security/oracle-peoplesoft-servers-hacked-in-shinyhunters-data-theft-attacks/ Posted from: this blog via Microsoft Power Automate .

The 5 Best Practices for Secure Identity Verification

Attackers are increasingly bypassing weak authentication through phishing, MFA fatigue, and service desk social engineering. Specops Software breaks down five best practices for stronger identity verification and access security. [...] https://www.bleepingcomputer.com/news/security/the-5-best-practices-for-secure-identity-verification/ Posted from: this blog via Microsoft Power Automate .

Microsoft patches Exchange Server zero-day exploited in attacks

Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-exchange-server-zero-day-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Anthropic rolls out Claude Fable 5, but it's available for a limited time

Anthropic has begun rolling out a new model called "Fable," which is based on the same underlying model as Mythos, its most powerful AI model class. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/anthropic-rolls-out-claude-fable-5-but-its-available-for-a-limited-time/ Posted from: this blog via Microsoft Power Automate .

Anthropic rolls out Claude Fable 5, but it's available for a limited time

Anthropic has begun rolling out a new model called "Fable," which is based on the same underlying model as Mythos, its most powerful AI model class. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/anthropic-rolls-out-claude-fable-5-but-its-available-for-a-limited-time/ Posted from: this blog via Microsoft Power Automate .

Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws

Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws and three publicly disclosed zero-day vulnerabilities. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2026-patch-tuesday-fixes-3-zero-day-200-flaws/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5094126 & KB5093998 cumulative updates released

Microsoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5094126-and-kb5093998-cumulative-updates-released/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5094126 & KB5093998 cumulative updates released

Microsoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5094126-and-kb5093998-cumulative-updates-released/ Posted from: this blog via Microsoft Power Automate .

XBOW tests Anthropic's Mythos Preview for offensive security

Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model performed across exploit discovery, reverse engineering, and live-site validation. [...] https://www.bleepingcomputer.com/news/security/xbow-tests-anthropics-mythos-preview-for-offensive-security/ Posted from: this blog via Microsoft Power Automate .

GitHub disables Microsoft repos pushing password-stealing malware

Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. [...] https://www.bleepingcomputer.com/news/security/github-disables-microsoft-repos-pushing-password-stealing-malware/ Posted from: this blog via Microsoft Power Automate .

New Veeam vulnerability exposes backup servers to RCE attacks

Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. [...] https://www.bleepingcomputer.com/news/security/new-veeam-vulnerability-exposes-backup-servers-to-rce-attacks/ Posted from: this blog via Microsoft Power Automate .

New Apple feature automatically changes your compromised passwords

At WWDC 26, Apple announced an Apple Intelligence-powered feature that can automatically fix weak and compromised passwords. This works in Safari, and it's rolling out with iOS 27. [...] https://www.bleepingcomputer.com/news/apple/new-apple-feature-automatically-changes-your-compromised-passwords/ Posted from: this blog via Microsoft Power Automate .

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets. [...] https://www.bleepingcomputer.com/news/security/new-shai-hulud-attack-trojanizes-19-science-focused-pypi-packages/ Posted from: this blog via Microsoft Power Automate .

WhatsApp says it disrupted new NSO spyware phishing attacks

WhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group after investigating user reports of social engineering attacks. [...] https://www.bleepingcomputer.com/news/security/whatsapp-says-it-disrupted-new-nso-spyware-phishing-attacks/ Posted from: this blog via Microsoft Power Automate .

WhatsApp says it disrupted new NSO spyware phishing attacks

WhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group after investigating user reports of social engineering attacks. [...] https://www.bleepingcomputer.com/news/security/whatsapp-says-it-disrupted-new-nso-spyware-phishing-attacks/ Posted from: this blog via Microsoft Power Automate .

Gogs patches critical zero-day enabling remote code execution

Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). [...] https://www.bleepingcomputer.com/news/security/gogs-patches-critical-zero-day-enabling-remote-code-execution/ Posted from: this blog via Microsoft Power Automate .

Critical UniFi OS bug lets hackers gain root without authentication

Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication. [...] https://www.bleepingcomputer.com/news/security/critical-unifi-os-bug-lets-hackers-gain-root-without-authentication/ Posted from: this blog via Microsoft Power Automate .

Reducing security operations complexity with Wazuh Cloud

Security teams are increasingly overwhelmed by alert fatigue, infrastructure maintenance, and complex hybrid environments. This article explores how Wazuh Cloud helps simplify SIEM/XDR operations through managed infrastructure, automated scaling, and AI-driven security analysis. [...] https://www.bleepingcomputer.com/news/security/reducing-security-operations-complexity-with-wazuh-cloud/ Posted from: this blog via Microsoft Power Automate .

Oxford University discloses data breach after careers platform hack

The University of Oxford disclosed a new data breach last week after being informed by its third-party provider, Group GTI, that its CareerConnect career services platform had been compromised. [...] https://www.bleepingcomputer.com/news/security/oxford-university-discloses-data-breach-after-careerconnect-platform-hack/ Posted from: this blog via Microsoft Power Automate .

Over 20,000 Instagram accounts stolen in Meta AI support hack

Meta has revealed that over 20,000 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords. [...] https://www.bleepingcomputer.com/news/security/meta-ai-support-data-breach-affects-20-000-instagram-accounts/ Posted from: this blog via Microsoft Power Automate .

Hands on with Intelligent Terminal, an AI-powered Windows Terminal

Microsoft has created an open-source fork of Windows Terminal called "Intelligent Terminal," and it allows you to use AI directly inside Terminal without interfering with the regular session. [...] https://www.bleepingcomputer.com/news/microsoft/hands-on-with-intelligent-terminal-an-ai-powered-windows-terminal/ Posted from: this blog via Microsoft Power Automate .

Hands on with Intelligent Terminal, an AI-powered Windows Terminal

Microsoft has created an open-source fork of Windows Terminal called "Intelligent Terminal," and it allows you to use AI directly inside Terminal without interfering with the regular session. [...] https://www.bleepingcomputer.com/news/microsoft/hands-on-with-intelligent-terminal-an-ai-powered-windows-terminal/ Posted from: this blog via Microsoft Power Automate .

Hands on with Intelligent Terminal, an AI-powered Windows Terminal

Microsoft has created an open-source fork of Windows Terminal called "Intelligent Terminal," and it allows you to use AI directly inside Terminal without interfering with the regular session. [...] https://www.bleepingcomputer.com/news/microsoft/hands-on-with-intelligent-terminal-an-ai-powered-windows-terminal/ Posted from: this blog via Microsoft Power Automate .

Silent Ransom Group targets law firms with fake IT support calls

The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant. [...] https://www.bleepingcomputer.com/news/security/silent-ransom-group-targets-law-firms-with-fake-it-support-calls/ Posted from: this blog via Microsoft Power Automate .

C0XMO botnet spreads via DD-WRT router flaw, kills rival malware

A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with various CPU architectures. [...] https://www.bleepingcomputer.com/news/security/c0xmo-botnet-spreads-via-dd-wrt-router-flaw-kills-rival-malware/ Posted from: this blog via Microsoft Power Automate .

Critical Everest Forms Pro flaw exploited to take over WordPress sites

Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website. [...] https://www.bleepingcomputer.com/news/security/critical-everest-forms-pro-flaw-exploited-to-take-over-wordpress-sites/ Posted from: this blog via Microsoft Power Automate .

Suspicious Polyfill login prompts pop up on Toshiba, Muji websites

Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could collect credentials. [...] https://www.bleepingcomputer.com/news/security/suspicious-polyfill-login-prompts-pop-up-on-toshiba-muji-websites/ Posted from: this blog via Microsoft Power Automate .

CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers

CISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. [...] https://www.bleepingcomputer.com/news/security/cisa-hackers-now-exploit-solarwinds-serv-u-flaw-to-crash-servers/ Posted from: this blog via Microsoft Power Automate .

Chinese APT deploys new malware to keep access to hacked networks

A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. [...] https://www.bleepingcomputer.com/news/security/chinese-apt-deploys-new-malware-to-keep-access-to-hacked-networks/ Posted from: this blog via Microsoft Power Automate .

Dark web Nemesis Market vendor gets 26 years for selling drugs

A California man was sentenced to more than 26 years in federal prison for trafficking fentanyl and methamphetamine through Nemesis Market, one of the world's largest dark web marketplaces. [...] https://www.bleepingcomputer.com/news/security/dark-web-nemesis-market-vendor-gets-26-years-for-selling-drugs/ Posted from: this blog via Microsoft Power Automate .

Over 900 US gas station tank gauge systems exposed to attacks

Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure sectors, have been found exposed online and are vulnerable to ongoing attacks. [...] https://www.bleepingcomputer.com/news/security/over-900-us-gas-station-tank-gauge-systems-exposed-to-attacks/ Posted from: this blog via Microsoft Power Automate .

What 2026 DBIR Confirms: Attacks Are Living in the Browser

Phishing, shadow AI, malicious extensions, and credential theft increasingly happen inside the browser. Keep Aware explains what the 2026 Verizon DBIR reveals about browser-layer security gaps and modern attacks. [...] https://www.bleepingcomputer.com/news/security/what-2026-dbir-confirms-attacks-are-living-in-the-browser/ Posted from: this blog via Microsoft Power Automate .

Hola Browser for Windows compromised to deliver cryptominer

The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. [...] https://www.bleepingcomputer.com/news/security/hola-browser-for-windows-compromised-to-deliver-cryptominer/ Posted from: this blog via Microsoft Power Automate .

Credit card theft campaign abuses Stripe to host stolen payment info

A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. [...] https://www.bleepingcomputer.com/news/security/credit-card-theft-campaign-abuses-stripe-to-host-stolen-payment-info/ Posted from: this blog via Microsoft Power Automate .

DentaQuest data breach exposed info of 2.6 million accounts

A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts.  [...] https://www.bleepingcomputer.com/news/security/dentaquest-data-breach-exposed-info-of-26-million-accounts/ Posted from: this blog via Microsoft Power Automate .

DentaQuest data breach exposed info of 2.6 million accounts

A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts.  [...] https://www.bleepingcomputer.com/news/security/dentaquest-data-breach-exposed-info-of-26-million-accounts/ Posted from: this blog via Microsoft Power Automate .

UN food agency discloses breach affecting 600,000 Gaza households

The United Nations' World Food Programme (WFP), the world's largest humanitarian organization, revealed over the weekend that its self-registration application (SRA) for Palestine was breached. [...] https://www.bleepingcomputer.com/news/security/un-world-food-programme-breach-affects-600-000-gaza-households/ Posted from: this blog via Microsoft Power Automate .

New IronWorm malware hits 36 packages in npm supply-chain attack

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. [...] https://www.bleepingcomputer.com/news/security/new-ironworm-malware-hits-36-packages-in-npm-supply-chain-attack/ Posted from: this blog via Microsoft Power Automate .

Chinese hackers use new Atlas RAT malware in European cyberattacks

A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. [...] https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-atlas-rat-malware-in-european-cyberattacks/ Posted from: this blog via Microsoft Power Automate .

The U.S. sanctions Nobitex crypto exchange used by ransomware

The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities. [...] https://www.bleepingcomputer.com/news/security/the-us-sanctions-nobitex-crypto-exchange-used-by-ransomware/ Posted from: this blog via Microsoft Power Automate .

The U.S. sanctions Nobitex crypto exchange used by ransomware

The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities. [...] https://www.bleepingcomputer.com/news/security/the-us-sanctions-nobitex-crypto-exchange-used-by-ransomware/ Posted from: this blog via Microsoft Power Automate .

The U.S. sanctions Nobitex crypto exchange used by ransomware

The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities. [...] https://www.bleepingcomputer.com/news/security/the-us-sanctions-nobitex-crypto-exchange-used-by-ransomware/ Posted from: this blog via Microsoft Power Automate .

CISA warns of cyberattacks targeting fuel tank monitoring systems

CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across various critical infrastructure sectors. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-of-cyberattacks-targeting-fuel-tank-monitoring-systems/ Posted from: this blog via Microsoft Power Automate .

New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute

A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. [...] https://www.bleepingcomputer.com/news/security/new-http-2-bomb-dos-attack-crashes-web-servers-in-under-a-minute/ Posted from: this blog via Microsoft Power Automate .

CISA warns of active attacks exploiting Android, Linux bugs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-of-active-attacks-exploiting-android-linux-bugs/ Posted from: this blog via Microsoft Power Automate .

Over 116,000 Mincraft systems infected in WeedHack malware campaign

A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January. [...] https://www.bleepingcomputer.com/news/security/over-116-000-mincraft-systems-infected-in-weedhack-malware-campaign/ Posted from: this blog via Microsoft Power Automate .

AI-built ransomware toolkit automates EDR evasion, AD discovery

A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. [...] https://www.bleepingcomputer.com/news/security/ai-built-ransomware-toolkit-automates-edr-evasion-ad-discovery/ Posted from: this blog via Microsoft Power Automate .

AI-built ransomware toolkit automates EDR evasion, AD discovery

A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. [...] https://www.bleepingcomputer.com/news/security/ai-built-ransomware-toolkit-automates-edr-evasion-ad-discovery/ Posted from: this blog via Microsoft Power Automate .

Microsoft Exchange Online outage causes email delays, failures

Microsoft is working to address a widespread service issue affecting the mail flow pipeline for Exchange Online customers across North America and Germany. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-outage-causes-email-delays-failures/ Posted from: this blog via Microsoft Power Automate .

Instagram users locked out after Meta AI abused to steal accounts

Multiple Instagram users had their accounts hijacked after attackers convinced Meta's AI-powered support tools that they were the legitimate owners. [...] https://www.bleepingcomputer.com/news/security/instagram-users-locked-out-after-meta-ai-abused-to-steal-accounts/ Posted from: this blog via Microsoft Power Automate .

Why the browser is now the front line for AI security

AI-powered attacks and shadow AI adoption are creating new security risks inside the browser. Push Security explains why browser visibility is becoming critical for both threat detection and AI governance. [...] https://www.bleepingcomputer.com/news/security/why-the-browser-is-now-the-front-line-for-ai-security/ Posted from: this blog via Microsoft Power Automate .

Instagram users locked out after Meta AI abused to steal accounts

Multiple Instagram users had their accounts hijacked after attackers convinced Meta's AI-powered support tools that they were the legitimate owners. [...] https://www.bleepingcomputer.com/news/security/instagram-users-locked-out-after-meta-ai-abused-to-steal-accounts/ Posted from: this blog via Microsoft Power Automate .

Red Hat npm packages compromised to steal developer credentials

More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." [...] https://www.bleepingcomputer.com/news/security/red-hat-npm-packages-compromised-to-steal-developer-credentials/ Posted from: this blog via Microsoft Power Automate .

Spain arrests doxer leaking sensitive data of govt employees

The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute (INCIBE). [...] https://www.bleepingcomputer.com/news/security/spain-arrests-doxer-leaking-sensitive-data-of-govt-employees/ Posted from: this blog via Microsoft Power Automate .

Dashlane password manager users locked out by brute force attacks

Multiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices. [...] https://www.bleepingcomputer.com/news/security/dashlane-password-manager-users-locked-out-by-brute-force-attacks/ Posted from: this blog via Microsoft Power Automate .

WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data. [...] https://www.bleepingcomputer.com/news/security/wordpress-malware-campaign-hides-payloads-in-steam-profiles/ Posted from: this blog via Microsoft Power Automate .

WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data. [...] https://www.bleepingcomputer.com/news/security/wordpress-malware-campaign-hides-payloads-in-steam-profiles/ Posted from: this blog via Microsoft Power Automate .

Microsoft investigates Office Apps, Teams file access issues

Microsoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-office-apps-teams-file-access-issues/ Posted from: this blog via Microsoft Power Automate .

Critical Windows Netlogon RCE flaw now exploited in attacks

The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. [...] https://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Webinar tomorrow: From alert to resolution in network incident response

Network incidents are often detected quickly, but investigations and coordination can delay resolution. Join our webinar tomorrow to learn how automation and AI-assisted workflows can help IT teams accelerate incident response. [...] https://www.bleepingcomputer.com/news/security/webinar-tomorrow-from-alert-to-resolution-in-network-incident-response/ Posted from: this blog via Microsoft Power Automate .

Critical Windows Netlogon RCE flaw now exploited in attacks

The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. [...] https://www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft confirms outage affecting MFA, My Sign-Ins platform

Microsoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-outage-affecting-mfa-my-sign-ins-platform/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes KB5089549 Windows security update install issues

Microsoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-kb5089549-windows-security-update-install-issues/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes KB5089549 Windows security update install issues

Microsoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-kb5089549-windows-security-update-install-issues/ Posted from: this blog via Microsoft Power Automate .