1131
Latest news and stories from BleepingComputer.com From a bleeping computer to a working computer.
Over 16,000 Fortinet devices compromised with symlink backdoor
Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. [...]
https://www.bleepingcomputer.com/news/security/over-16-000-fortinet-devices-compromised-with-symlink-backdoor/
Apple fixes two zero-days exploited in targeted iPhone attacks
Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated attack" against specific targets' iPhones. [...]
https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-exploited-in-targeted-iphone-attacks/
Jira Down: Atlassian users experiencing degraded performance
Atlassian users are experiencing degraded performance amid an 'active incident' affecting multiple Jira products since morning hours today. Jira, Jira Service Management, Jira Work Management and Jira Product Discovery are among the impacted products. [...]
https://www.bleepingcomputer.com/news/security/jira-down-atlassian-users-experiencing-degraded-performance/
CISA extends funding to ensure 'no lapse in critical CVE services'
CISA says the U.S. government has extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. [...]
https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/
Microsoft: Some devices offered Windows 11 upgrades despite Intune blocks
Microsoft is working to fix an ongoing issue causing some users' Windows devices to be offered Windows 11 upgrades despite Intune policies preventing them. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-some-devices-offered-windows-11-upgrades-despite-intune-blocks/
ChatGPT 4.1 early benchmarks compared against Google Gemini
ChatGPT 4.1 is now rolling out, and it's a significant leap from GPT 4o, but it fails to beat the benchmark set by Google's most powerful model, Gemini. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-41-early-benchmarks-compared-against-google-gemini/
Landmark Admin data breach impact now reaches 1.6 million people
Landmark Admin has issued an update to its investigation of a cyberattack it suffered in May 2024, increasing the number of impacted individuals to 1.6 million. [...]
https://www.bleepingcomputer.com/news/security/landmark-admin-data-breach-impact-now-reaches-16-million-people/
Microsoft blocks ActiveX by default in Microsoft 365, Office 2024
Microsoft announced it will begin disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 applications later this month. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-blocks-activex-by-default-in-microsoft-365-office-2024/
Google adds Android auto-reboot to block forensic data extractions
Google is rolling out a new security mechanism on Android devices that will automatically reboot locked, unused devices after three consecutive days of inactivity, restoring memory to an encrypted state. [...]
https://www.bleepingcomputer.com/news/security/google-adds-android-auto-reboot-to-block-forensic-data-extractions/
Hertz confirms customer info, drivers' licenses stolen in data breach
Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks. [...]
https://www.bleepingcomputer.com/news/security/hertz-confirms-customer-info-drivers-licenses-stolen-in-data-breach/
Cybersecurity firm buying hacker forum accounts to spy on cybercriminals
Swiss cybersecurity firm Prodaft has launched a new initiative called 'Sell your Source' where the company purchases verified and aged accounts on cybercrime forums to conduct threat intelligence operations. [...]
https://www.bleepingcomputer.com/news/security/cybersecurity-firm-buying-hacker-forum-accounts-to-spy-on-cybercriminals/
New ResolverRAT malware targets pharma and healthcare orgs worldwide
A new remote access trojan (RAT) called 'ResolverRAT' is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors. [...]
https://www.bleepingcomputer.com/news/security/new-resolverrat-malware-targets-pharma-and-healthcare-orgs-worldwide/
Kidney dialysis firm DaVita hit by weekend ransomware attack
Kidney dialysis firm DaVita disclosed Monday it suffered a weekend ransomware attack that encrypted parts of its network and impacted some of its operations. [...]
https://www.bleepingcomputer.com/news/security/kidney-dialysis-firm-davita-hit-by-weekend-ransomware-attack/
Microsoft tells Windows users to ignore 0x80070643 WinRE errors
Microsoft says some users might see 0x80070643 installation failures when trying to deploy the April 2025 Windows Recovery Environment (WinRE) updates. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-tells-windows-users-to-ignore-winre-install-errors/
OpenAI's GPT-4.1, 4.1 nano, and 4.1 mini models release imminent
According to references spotted on OpenAI's website, the Microsoft-backed AI startup is planning to launch five new models this week, including GPT-4.1, 4.1 nano, and 4.1 mini. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/openais-gpt-41-41-nano-and-41-mini-models-release-imminent/
Google blocked over 5 billion ads in 2024 amid rise in AI-powered scams
Google blocked 5.1 billion ads and suspended more than 39.2 million advertiser accounts in 2024, according to its 2024 Ads Safety Report released this week. [...]
https://www.bleepingcomputer.com/news/google/google-blocked-over-5-billion-ads-in-2024-amid-rise-in-ai-powered-scams/
Google begins unifying search country domains to Google.com
Google has announced that it's retiring separate country code top-level domain names like google.co.uk or google.com.br and redirecting users to Google.com. [...]
https://www.bleepingcomputer.com/news/google/google-begins-unifying-search-country-domains-to-googlecom/
41% of Attacks Bypass Defenses: Adversarial Exposure Validation Fixes That
Your dashboards say you're secure—but 41% of threats still get through. Picus Security's Adversarial Exposure Validation uncovers what your stack is missing with continuous attack simulations and automated pentesting. [...]
https://www.bleepingcomputer.com/news/security/41-percent-of-attacks-bypass-defenses-adversarial-exposure-validation-fixes-that/
Microsoft warns of blue screen crashes caused by April updates
Microsoft warned customers this week that their systems might crash with a blue screen error caused by a secure kernel fatal error after installing Windows updates released since March. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-blue-screen-crashes-caused-by-april-updates/
MITRE warns that funding for critical CVE program expires today
MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry. [...]
https://www.bleepingcomputer.com/news/security/mitre-warns-that-funding-for-critical-cve-program-expires-today/
Midnight Blizzard deploys new GrapeLoader malware in embassy phishing
Russian state-sponsored espionage group Midnight Blizzard is behind a new spear-phishing campaign targeting diplomatic entities in Europe, including embassies. [...]
https://www.bleepingcomputer.com/news/security/midnight-blizzard-deploys-new-grapeloader-malware-in-embassy-phishing/
Infamous message board 4chan taken down following major hack
4chan, a notorious online forum, was taken offline earlier today after what appears to be a significant hack and has since been loading intermittently. [...]
https://www.bleepingcomputer.com/news/security/infamous-message-board-4chan-taken-down-following-major-hack/
Microsoft: Exchange 2016 and 2019 reach end of support in six months
Microsoft warned that Exchange 2016 and Exchange 2019 will reach the end of support six months from now, on October 14. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-reach-end-of-support-in-six-months/
Microsoft warns of CPU spikes when typing in classic Outlook
Microsoft warned Windows users of increased CPU usage when typing while using recent versions of the classic Outlook email client. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-cpu-spikes-when-typing-in-classic-outlook/
Govtech giant Conduent confirms client data stolen in January cyberattack
American business services giant and government contractor Conduent disclosed today that client data was stolen in a January 2025 cyberattack. [...]
https://www.bleepingcomputer.com/news/security/govtech-giant-conduent-confirms-client-data-stolen-in-january-cyberattack/
SSL/TLS certificate lifespans reduced to 47 days by 2029
The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029. [...]
https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/
Meta to resume AI training on content shared by Europeans
Meta announced today that it will soon start training its artificial intelligence models using content shared by European adult users on its Facebook and Instagram social media platforms. [...]
https://www.bleepingcomputer.com/news/technology/meta-to-resume-ai-training-on-content-shared-by-europeans/
Enhancing your DevSecOps with Wazuh, the open source XDR platform
Security shouldn't wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline—powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle. [...]
https://www.bleepingcomputer.com/news/security/enhancing-your-devsecops-with-wazuh-the-open-source-xdr-platform/
Microsoft: New emergency Windows updates fix AD policy issues
Microsoft has released emergency Windows updates to address a known issue affecting local audit logon policies in Active Directory Group Policy. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-new-emergency-windows-updates-fix-ad-policy-issues/
Microsoft: Windows Server 2025 restarts break connectivity on some DCs
Microsoft warned IT admins that some Windows Server 2025 domain controllers might become inaccessible after a restart, causing apps and services to fail or remain unreachable. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-server-2025-restarts-break-services-on-domain-controllers/