Latest news and stories from BleepingComputer.com. From a bleeping computer to a working computer.
Chrome 136 fixes 20-year browser history privacy risk
Google is fixing a long-standing privacy issue that, for years, enabled websites to determine users' browsing history through the previously visited links. [...]
https://www.bleepingcomputer.com/news/security/chrome-136-fixes-20-year-browser-history-privacy-risk/
Tycoon2FA phishing kit targets Microsoft 365 with new tricks
Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion capabilities. [...]
https://www.bleepingcomputer.com/news/security/tycoon2fa-phishing-kit-targets-microsoft-365-with-new-tricks/
Microsoft Defender will isolate undiscovered endpoints to block attacks
Microsoft is testing a new Defender for Endpoint capability that will block traffic to and from undiscovered endpoints to thwart attackers' lateral network movement attempts. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-will-isolate-undiscovered-endpoints-to-block-attacks/
Western Sydney University discloses security breaches, data leak
Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. [...]
https://www.bleepingcomputer.com/news/security/western-sydney-university-discloses-security-breaches-data-leak/
Microsoft: Windows 'inetpub' folder created by security fix, don’t delete
Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty "inetpub" folder and warned users not to delete it. [...]
https://www.bleepingcomputer.com/news/security/microsoft-windows-inetpub-folder-created-by-security-fix-dont-delete/
US lab testing provider exposed health data of 1.6 million people
Laboratory Services Cooperative (LSC) has released a statement saying it suffered a data breach in which hackers stole sensitive information of roughly 1.6 million people from its systems. [...]
https://www.bleepingcomputer.com/news/security/us-lab-testing-provider-exposed-health-data-of-16-million-people/
Ransomware attack cost IKEA operator in Eastern Europe $23 million
Fourlis Group, the operator of IKEA stores in Greece, Cyprus, Romania, and Bulgaria, has said that the ransomware attack it suffered just before Black Friday on November 27, 2024, caused losses estimated at €20 million ($22.8M). [...]
https://www.bleepingcomputer.com/news/security/ransomware-attack-cost-ikea-operator-in-eastern-europe-23-million/
Microsoft releases emergency update to fix Office 2016 crashes
Microsoft has released an out-of-band Office update to fix a known issue that caused Word, Excel, and Outlook to crash after installing the KB5002700 security update for Office 2016. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-update-to-fix-office-2016-crashes/
Microsoft: Licensing issue blocks Microsoft 365 Family for some users
Microsoft is investigating a potential licensing issue blocking access to Microsoft 365 services for some customers with Family subscriptions. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-licensing-issue-blocks-microsoft-365-family-for-some-users/
Russian hackers attack Western military mission using malicious drive
The Russian state-backed hacking group Gamaredon (aka "Shuckworm") has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. [...]
https://www.bleepingcomputer.com/news/security/russian-hackers-attack-western-military-mission-using-malicious-drive/
Flipper Zero maker unveils ‘Busy Bar,’ a new ADHD productivity tool
Flipper Devices, the company behind the popular Flipper Zero, has launched an open-source productivity tool called Busy Bar, designed to help reduce distractions for people with ADHD. [...]
https://www.bleepingcomputer.com/news/technology/flipper-zero-maker-unveils-busy-bar-a-new-adhd-productivity-tool/
Windows 11 tests sharing apps screen and files with Copilot AI
Copilot on Windows 11 is testing OS-level integration that would allow you to share your favourite apps' screen with Copilot. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-tests-sharing-apps-screen-and-files-with-copilot-ai/
Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials
A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management (IAM) credentials from the IMDSv1 endpoint. [...]
https://www.bleepingcomputer.com/news/security/hackers-target-ssrf-bugs-in-ec2-hosted-sites-to-steal-aws-credentials/
Windows 11 April update unexpectedly creates new 'inetpub' folder
Microsoft's April 2025 Patch Tuesday updates are strangely creating an empty "inetpub" folder in the root of the C:\ drive, even on systems that do not have Internet Information Services (IIS) installed. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-april-update-unexpectedly-creates-new-inetpub-folder/
CentreStack RCE exploited as zero-day to breach file sharing servers
Hackers exploited a vulnerability in Gladinet CentreStack's secure file-sharing software as a zero-day since March to breach storage servers [...]
https://www.bleepingcomputer.com/news/security/centrestack-rce-exploited-as-zero-day-to-breach-file-sharing-servers/
Leak confirms OpenAI's GPT 4.1 is coming before GPT 5.0
OpenAI is working on yet another AI model, reportedly called GPT-4.1, a successor to GPT-4o. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/leak-confirms-openais-gpt-41-is-coming-before-gpt-50/
AI-hallucinated code dependencies become new supply chain risk
A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names. [...]
https://www.bleepingcomputer.com/news/security/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/
Microsoft starts final Windows Recall testing before rollout
Microsoft is gradually rolling out the AI-powered Windows Recall feature to Insiders in the Release Preview channel before making it generally available to all Windows users with Copilot+ PCs. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-final-windows-recall-testing-before-rollout/
Fortinet: Symlink trick gives access to patched FortiGate VPN devices
Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. [...]
https://www.bleepingcomputer.com/news/security/fortinet-symlink-trick-gives-access-to-patched-fortigate-vpn-devices/
Google's AI video generator Veo 2 is rolling out on AI Studio
Google's AI video generator tool Veo 2, which is the company's take on OpenAI's Sora, is now rolling out to some users in the United States. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/googles-ai-video-generator-veo-2-is-rolling-out-on-ai-studio/
Microsoft says Edge browser is now 9% faster after optimizations
The Chromium-based Microsoft Edge has seen up to 9% performance improvements following the release of version 134. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-says-edge-browser-is-now-9-percent-faster-after-optimizations/
Hackers exploit WordPress plugin auth bypass hours after disclosure
Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. [...]
https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-auth-bypass-hours-after-disclosure/
OpenAI wants ChatGPT to know you over your life with new Memory update
OpenAI is giving ChatGPT's memory feature its biggest upgrade yet, allowing the AI to know you better by referencing all your past conversations. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/openai-wants-chatgpt-to-know-you-over-your-life-with-new-memory-update/
Claude copies ChatGPT with $200 Max plan, but users aren't happy
Claude has a new subscription tier called "MAX," but it costs a whopping $200 per month, and users aren't happy with how the company enforces rate limits. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/claude-copies-chatgpt-with-200-max-plan-but-users-arent-happy/
Sensata Technologies hit by ransomware attack impacting operations
Sensata Technologies (known as Sensata) suffered a ransomware attack last weekend that encrypted parts of the company network and disrupted operations. [...]
https://www.bleepingcomputer.com/news/security/sensata-technologies-hit-by-ransomware-attack-impacting-operations/
ChatGPT's o4-mini, o4-mini-high and o3 spotted ahead of release
OpenAI is preparing to launch as many as three new AI models, possibly called "o4-mini", "o4-mini-high" and "o3". [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpts-o4-mini-o4-mini-high-and-o3-spotted-ahead-of-release/
Google takes on Cursor with Firebase Studio, its AI builder for vibe coding
Google has quietly launched Firebase Studio, which is a cloud-based AI-powered integrated development environment that lets you build full-fledged apps using prompts. [...]
https://www.bleepingcomputer.com/news/google/google-takes-on-cursor-with-firebase-studio-its-ai-builder-for-vibe-coding/
Oracle says "obsolete servers" hacked, denies cloud breach
Oracle finally confirmed in email notifications sent to customers that a hacker stole and leaked credentials taken from what it described as "two obsolete servers." [...]
https://www.bleepingcomputer.com/news/security/oracle-says-obsolete-servers-hacked-denies-cloud-breach/
Critical FortiSwitch flaw lets hackers change admin passwords remotely
Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. [...]
https://www.bleepingcomputer.com/news/security/critical-fortiswitch-flaw-lets-hackers-change-admin-passwords-remotely/
Microsoft investigates global Exchange Admin Center outage
Microsoft is investigating an ongoing outage that is blocking admins worldwide from accessing the Exchange Admin Center (EAC). [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-global-exchange-admin-center-outage/