1131
Latest news and stories from BleepingComputer.com From a bleeping computer to a working computer.
Hacker selling critical Roundcube webmail exploit as tech info disclosed
Hackers are actively exploiting CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. [...]
https://www.bleepingcomputer.com/news/security/hacker-selling-critical-roundcube-webmail-exploit-as-tech-info-disclosed/
Germany fines Vodafone $51 million for privacy, security breaches
The German data protection authority (BfDI) has fined Vodafone GmbH, the telecommunications company's German subsidiary, €45 million ($51.4 million) for privacy and security violations. [...]
https://www.bleepingcomputer.com/news/security/germany-fines-vodafone-51-million-for-privacy-security-breaches/
Interlock ransomware claims Kettering Health breach, leaks stolen data
The Interlock ransomware gang has claimed a recent cyberattack on the Kettering Health healthcare network and leaked data allegedly stolen from breached systems. [...]
https://www.bleepingcomputer.com/news/security/interlock-ransomware-claims-kettering-health-breach-leaks-stolen-data/
Microsoft unveils free EU cybersecurity program for governments
Microsoft announced in Berlin today a new European Security Program that promises to bolster cybersecurity for European governments. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-unveils-free-eu-cybersecurity-program-for-governments/
Hacker arrested for breaching 5,000 hosting accounts to mine crypto
The Ukrainian police arrested a 35-year-old hacker who breached 5,000 accounts at an international hosting company and used them to mine cryptocurrency, resulting in $4.5 million in damages. [...]
https://www.bleepingcomputer.com/news/security/hacker-arrested-for-breaching-5-000-hosting-accounts-to-mine-crypto/
Ukraine claims it hacked Tupolev, Russia’s strategic warplane maker
The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims it hacked the Russian aerospace and defense company Tupolev, which develops Russia's supersonic strategic bombers. [...]
https://www.bleepingcomputer.com/news/security/ukraine-claims-it-hacked-tupolev-russias-strategic-warplane-maker/
FBI warns of NFT airdrop scams targeting Hedera Hashgraph wallets
The FBI is warning about a new scam where cybercriminals exploit NFT airdrops on the Hedera Hashgraph network to steal crypto from cryptocurrency wallets. [...]
https://www.bleepingcomputer.com/news/security/fbi-warns-of-nft-airdrop-scams-targeting-hedera-hashgraph-wallets/
Google: Hackers target Salesforce accounts in data extortion attacks
Google has observed hackers claiming to be the ShinyHunters extortion group conducting social engineering attacks against multi-national companies to steal data from organizations' Salesforce platforms. [...]
https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/
Hacker targets other hackers and gamers with backdoored GitHub code
A hacker targets other hackers, gamers, and researchers with exploits, bots, and game cheats in source code hosted on GitHub that contain hidden backdoors to give the threat actor remote access to infected devices. [...]
https://www.bleepingcomputer.com/news/security/hacker-targets-other-hackers-and-gamers-with-backdoored-github-code/
ChatGPT rolls out Memory upgrade for free users
ChatGPT's memory feature is now better and capable of referencing past conversations for free accounts. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-rolls-out-memory-upgrade-for-free-users/
Coinbase breach tied to bribed TaskUs support agents in India
A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm TaskUs, who threat actors bribed to steal data from the crypto exchange. [...]
https://www.bleepingcomputer.com/news/security/coinbase-breach-tied-to-bribed-taskus-support-agents-in-india/
Malicious RubyGems pose as Fastlane to steal Telegram API data
Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data. [...]
https://www.bleepingcomputer.com/news/security/malicious-rubygems-pose-as-fastlane-to-steal-telegram-api-data/
Scattered Spider: Three things the news doesn’t tell you
Scattered Spider isn't one group — it's an identity-first threat model evolving fast. From vishing to AiTM phishing, they're exploiting MFA gaps to hijack the cloud. Watch the Push Security webinar to learn how their identity-based tactics work — and how to stop them. [...]
https://www.bleepingcomputer.com/news/security/scattered-spider-three-things-the-news-doesnt-tell-you/
Victoria’s Secret delays earnings release after security incident
Fashion retail giant Victoria's Secret has delayed its first quarter 2025 earnings release because of ongoing corporate system restoration efforts following a May 24 security incident. [...]
https://www.bleepingcomputer.com/news/security/victorias-secret-delays-earnings-release-after-security-incident/
Android malware Crocodilus adds fake contacts to spoof trusted callers
The latest version of the 'Crocodilus' Android malware has introduced a new mechanism that adds a fake contact on the infected device's contact list to deceive victims. [...]
https://www.bleepingcomputer.com/news/security/android-malware-crocodilus-adds-fake-contacts-to-spoof-trusted-callers/
Designing a Windows Service for Security
Designing a security-focused Windows Service? Learn more from ThreatLocker about the core components for real-time monitoring, threat detection, and system hardening to defend against malware and ransomware. [...]
https://www.bleepingcomputer.com/news/security/designing-a-windows-service-for-security/
ViLE gang members sentenced for extortion, police portal breach
Two members of a group of cybercriminals named ViLE were sentenced this week for hacking into a federal law enforcement web portal in an extortion scheme. [...]
https://www.bleepingcomputer.com/news/security/vile-gang-members-sentenced-for-breaching-law-enforcement-portal/
US offers $10M for tips on state hackers tied to RedLine malware
The U.S. Department of State has announced a reward of up to $10 million for any information on government-sponsored hackers with ties to the RedLine infostealer malware operation and its suspected creator, Russian national Maxim Alexandrovich Rudometov. [...]
https://www.bleepingcomputer.com/news/security/us-offers-10m-for-tips-on-state-hackers-tied-to-redline-malware/
FBI: Play ransomware breached 900 victims, including critical orgs
In an update to a joint advisory with CISA and the Australian Cyber Security Centre, the FBI said that the Play ransomware gang had breached roughly 900 organizations as of May 2025, three times the number of victims reported in October 2023. [...]
https://www.bleepingcomputer.com/news/security/fbi-play-ransomware-breached-900-victims-including-critical-orgs/
Cisco warns of ISE and CCP flaws with public exploit code
Cisco has released patches to address three vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) solutions. [...]
https://www.bleepingcomputer.com/news/security/cisco-warns-of-ise-and-ccp-flaws-with-public-exploit-code/
BidenCash carding market domains seized in international operation
Earlier today, law enforcement seized multiple domains of BidenCash, the infamous dark web market for stolen credit cards, personal information, and SSH access. [...]
https://www.bleepingcomputer.com/news/security/bidencash-carding-market-domains-seized-in-international-operation/
Media giant Lee Enterprises says data breach affects 39,000 people
Publishing giant Lee Enterprises is notifying over 39,000 people whose personal information was stolen in a February 2025 ransomware attack. [...]
https://www.bleepingcomputer.com/news/security/media-giant-lee-enterprises-says-data-breach-affects-39-000-people/
Kerberos AS-REP roasting attacks: What you need to know
Think your passwords are strong enough? AS-REP Roasting is back in the spotlight — and it's targeting weak spots in Active Directory. Learn more from Specops Software how attackers exploit missing Kerberos pre-auth and how to stop them with strong password policies. [...]
https://www.bleepingcomputer.com/news/security/kerberos-as-rep-roasting-attacks-what-you-need-to-know/
OpenAI is hopeful GPT-5 will compete a little more
OpenAI's next big foundational model is GPT-5, and the AI startup is hoping that the model will compete a little more with rivals. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/openai-is-hopeful-gpt-5-will-compete-a-little-more/
Hewlett Packard Enterprise warns of critical StoreOnce auth bypass
Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution. [...]
https://www.bleepingcomputer.com/news/security/hewlett-packard-enterprise-warns-of-critical-storeonce-auth-bypass/
Microsoft adds quick machine recovery to Windows 11 settings
Microsoft is testing a dedicated page in Windows Settings for quick machine recovery, which will provide users with additional configuration options. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-quick-machine-recovery-to-windows-11-settings/
Mozilla launches new system to detect Firefox crypto drainer add-ons
Mozilla has developed a new security feature for its add-on portal that helps block Firefox malicious extensions that drain cryptocurrency wallets. [...]
https://www.bleepingcomputer.com/news/security/mozilla-launches-new-system-to-detect-firefox-crypto-drainer-add-ons/
CISA warns of ConnectWise ScreenConnect bug exploited in attacks
CISA is alerting federal agencies in the U.S. of hackers exploiting a recently patched ScreenConnect vulnerability that could lead to executing remote code on the server. [...]
https://www.bleepingcomputer.com/news/security/cisa-warns-of-connectwise-screenconnect-bug-exploited-in-attacks/
Google patches new Chrome zero-day bug exploited in attacks
Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year. [...]
https://www.bleepingcomputer.com/news/security/google-patches-new-chrome-zero-day-bug-exploited-in-attacks/
Cartier discloses data breach amid fashion brand cyberattacks
Luxury fashion brand Cartier is warning customers it suffered a data breach that exposed customers' personal information after its systems were compromised. [...]
https://www.bleepingcomputer.com/news/security/cartier-discloses-data-breach-amid-fashion-brand-cyberattacks/