1131
Latest news and stories from BleepingComputer.com From a bleeping computer to a working computer.
VMware Certification: Your Next Career Power Move
VMware certification isn't just about passing exams — it's about mastering systems, proving expertise, and your career. Gain hands-on labs, discounts, and mentorship with VMUG Advantage to reach your next goal faster. [...]
https://www.bleepingcomputer.com/news/security/vmware-certification-your-next-career-power-move/
Over 266,000 F5 BIG-IP instances exposed to remote attacks
Internet security nonprofit Shadowserver Foundation has found more than 266,000 F5 BIG-IP instances exposed online after the security breach disclosed by cybersecurity company F5 this week. [...]
https://www.bleepingcomputer.com/news/security/over-266-000-f5-big-ip-instances-exposed-to-remote-attacks/
Auction giant Sotheby’s says data breach exposed customer information
Major international auction house Sotheby's is notifying customers of a data breach incident on its systems where threat actors stole sensitive information, including financial details. [...]
https://www.bleepingcomputer.com/news/security/auction-giant-sothebys-says-data-breach-exposed-customer-information/
Hackers exploit Cisco SNMP flaw to deploy rootkit on switches
Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in older, unprotected Cisco networking devices to deploy a Linux rootkit and gain persistent access. [...]
https://www.bleepingcomputer.com/news/security/hackers-exploit-cisco-snmp-flaw-to-deploy-rootkit-on-switches/
Microsoft: Office 2016 and Office 2019 have reach end of support
Microsoft reminded customers this week that Office 2016 and Office 2019 have reached the end of extended support on October 14, 2025. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-office-2016-and-office-2019-have-reach-end-of-support/
CISA: Maximum-severity Adobe flaw now exploited in attacks
CISA has warned that attackers are actively exploiting a maximum-severity vulnerability in Adobe Experience Manager to execute code on unpatched systems. [...]
https://www.bleepingcomputer.com/news/security/cisa-maximum-severity-adobe-flaw-now-exploited-in-attacks/
North Korean hackers use EtherHiding to hide malware on the blockchain
North Korean hackers were observed employing the 'EtherHiding' tactic to deliver malware, steal cryptocurrency, and perform espionage with stealth and resilience. [...]
https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-etherhiding-to-hide-malware-on-the-blockchain/
YouTube is down worldwide with playback error
YouTube is currently facing a global outage, with users reporting playback errors on both the website and mobile apps. [...]
https://www.bleepingcomputer.com/news/google/youtube-is-down-worldwide-with-playback-error/
PowerSchool hacker gets sentenced to four years in prison
19-year-old college student Matthew D. Lane, from Worcester, Massachusetts, was sentenced to 4 years in prison for orchestrating a cyberattack on PowerSchool in December 2024 that resulted in a massive data breach. [...]
https://www.bleepingcomputer.com/news/security/powerschool-hacker-gets-sentenced-to-four-years-in-prison/
F5 releases BIG-IP patches for stolen security vulnerabilities
Cybersecurity company F5 has released security updates to address BIG-IP vulnerabilities stolen in a breach detected on August 9, 2025. [...]
https://www.bleepingcomputer.com/news/security/f5-releases-big-ip-patches-for-stolen-security-vulnerabilities/
Clothing giant MANGO discloses data breach exposing customer info
Spanish fashion retailer MANGO is sending notices of a data breach to its customers, warning that its marketing vendor suffered a compromise exposing personal data. [...]
https://www.bleepingcomputer.com/news/security/clothing-giant-mango-discloses-data-breach-exposing-customer-info/
F5 says hackers stole undisclosed BIG-IP flaws, source code
U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. [...]
https://www.bleepingcomputer.com/news/security/hackers-breach-f5-to-steal-undisclosed-big-ip-flaws-source-code/
Final Windows 10 Patch Tuesday update rolls out as support ends
In what marks the end of an era, Microsoft has released the Windows 10 KB5066791 cumulative update, the final free update for the operating system as it reaches the end of its support lifecycle. [...]
https://www.bleepingcomputer.com/news/microsoft/final-windows-10-patch-tuesday-update-rolls-out-as-support-ends/
Microsoft: Exchange 2016 and 2019 have reached end of support
Microsoft has reminded that Exchange Server 2016 and 2019 reached the end of support and advised IT administrators to upgrade servers to Exchange Server SE or migrate to Exchange Online. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-have-reached-end-of-support/
Windows 11 KB5066835 and KB5066793 updates released
Microsoft has released Windows 11 KB5066835 and KB5066793 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities and issues. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5066835-and-kb5066793-updates-released/
Microsoft fixes Windows bug breaking localhost HTTP connections
Microsoft has fixed a known issue breaking HTTP/2 localhost (127.0.0.1) connections and IIS websites after installing recent Windows security updates. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-bug-breaking-localhost-http-connections/
Windows 11 updates break localhost (127.0.0.1) HTTP/2 connections
Microsoft's October Windows 11 updates have broken the "localhost" functionality, making applications that connect back to 127.0.0.1 over HTTP/2 no longer function properly. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-updates-break-localhost-127001-http-2-connections/
Have I Been Pwned: Prosper data breach impacts 17.6 million accounts
Hackers stole the personal information of over 17.6 million people after breaching the systems of financial services company Prosper. [...]
https://www.bleepingcomputer.com/news/security/have-i-been-pwned-warns-of-prosper-data-breach-impacting-176-million-accounts/
Microsoft disrupts ransomware attacks targeting Teams users
Microsoft has disrupted a wave of Rhysida ransomware attacks in early October by revoking over 200 certificates used to sign malicious Teams installers. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-disrupts-ransomware-attacks-targeting-teams-users/
Gladinet fixes actively exploited zero-day in file-sharing software
Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September. [...]
https://www.bleepingcomputer.com/news/security/gladinet-fixes-actively-exploited-zero-day-in-file-sharing-software/
Unified Exposure Management Platforms: The Future of Preemptive Cyber Defense
Traditional MDR focuses on reacting to attacks already in motion — but modern threats demand prevention. Picus Security explains how Unified Exposure Management Platforms continuously identifies, validates, and fixes exploitable risks before adversaries strike. [...]
https://www.bleepingcomputer.com/news/security/unified-exposure-management-platforms-the-future-of-preemptive-cyber-defense/
Microsoft debuts Copilot Actions for agentic AI-driven Windows tasks
Microsoft announced today a new Windows 11 Copilot feature called Copilot Actions that enables AI agents to perform real tasks on local files and applications. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-debuts-copilot-actions-for-agentic-ai-driven-windows-tasks/
Capita to pay £14 million for data breach impacting 6.6 million people
The Information Commissioner's Office (ICO) in the UK has fined Capita, a provider of data-driven business process services, £14 million ($18.7 million) for a data breach incident in 2023 that exposed the personal information of 6.6 million people. [...]
https://www.bleepingcomputer.com/news/security/capita-to-pay-14-million-for-data-breach-impacting-66-million-people/
Fake LastPass, Bitwarden breach alerts lead to PC hijacks
An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager. [...]
https://www.bleepingcomputer.com/news/security/fake-lastpass-bitwarden-breach-alerts-lead-to-pc-hijacks/
Microsoft: Sept Windows Server updates cause Active Directory issues
Microsoft has confirmed that the September 2025 security updates are causing Active Directory issues on Windows Server 2025 systems. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2025-windows-server-updates-cause-active-directory-issues/
How to spot dark web threats on your network using NDR
Dark web activity can hide in plain sight within everyday network traffic. Corelight's NDR platform brings deep visibility, AI-driven detection, and behavioral analytics to uncover hidden threats across your network. [...]
https://www.bleepingcomputer.com/news/security/how-to-spot-dark-web-threats-on-your-network-using-ndr/
Malicious crypto-stealing VSCode extensions resurface on OpenVSX
A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and plant backdoors. [...]
https://www.bleepingcomputer.com/news/security/malicious-crypto-stealing-vscode-extensions-resurface-on-openvsx/
New Android Pixnapping attack steals MFA codes pixel-by-pixel
A new side-channel attack called Pixnapping enables a malicious Android app with no permissions to extract sensitive data by stealing pixels displayed by applications or websites, and reconstructing them to derive the content. [...]
https://www.bleepingcomputer.com/news/security/new-android-pixnapping-attack-steals-mfa-codes-pixel-by-pixel/
Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws
Today is Microsoft's October 2025 Patch Tuesday, which includes security updates for 172 flaws, including six zero-day vulnerabilities. Get patching! [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2025-patch-tuesday-fixes-6-zero-days-172-flaws/
US seizes $15 billion in crypto from 'pig butchering' kingpin
The U.S. Department of Justice has seized $15 billion in bitcoin from the leader of Prince Group, a criminal organization that stole billions of dollars from victims in the United States through cryptocurrency investment scams, also known as romance baiting or pig butchering. [...]
https://www.bleepingcomputer.com/news/security/us-seizes-15-billion-in-crypto-from-pig-butchering-kingpin/