Unpatched Edimax IP camera flaw actively exploited in botnet attacks
A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. [...]
Bleeping Computer.
Employee charged with stealing unreleased movies, sharing them online
3 weeks 4 days ago
A Memphis man was arrested and charged with stealing DVDs and Blu-ray discs of unreleased movies and sharing ripped digital copies online before their release. [...]
Sergiu Gatlan
US charges Garantex admins with money laundering, sanctions violations
3 weeks 4 days ago
The administrators of the Russian Garantex crypto-exchange have been charged in the United States with facilitating money laundering for criminal organizations and violating sanctions. [...]
Sergiu Gatlan
Data breach at Japanese telecom giant NTT hits 18,000 companies
3 weeks 4 days ago
Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident. [...]
Bill Toulas
Microsoft: North Korean hackers join Qilin ransomware gang
3 weeks 5 days ago
Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of attacks. [...]
Sergiu Gatlan
Microsoft says malvertising campaign impacted 1 million PCs
3 weeks 5 days ago
Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide. [...]
Sergiu Gatlan
Ransomware gang encrypted network from a webcam to bypass EDR
3 weeks 5 days ago
The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows. [...]
Bill Toulas
Ransomware gang encrypted network from a webcam to bypass EDR
3 weeks 5 days ago
The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows. [...]
Bill Toulas
US seizes domain of Garantex crypto exchange used by ransomware gangs
3 weeks 5 days ago
The U.S. Secret Service has seized the domain of the sanctioned Russian cryptocurrency exchange Garantex in collaboration with the Department of Justice's Criminal Division, the FBI, and Europol. [...]
Sergiu Gatlan
Cybercrime 'crew' stole $635,000 in Taylor Swift concert tickets
3 weeks 5 days ago
New York prosecutors say that two people working at a third-party contractor for the StubHub online ticket marketplace made $635,000 after almost 1,000 concert tickets and reselling them online. [...]
Sergiu Gatlan
Ethereum private key stealer on PyPI downloaded over 1,000 times
3 weeks 5 days ago
A malicious Python Package Index (PyPI) package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain. [...]
Bill Toulas
Microsoft 365 apps will prompt users to back up files in OneDrive
3 weeks 5 days ago
Starting mid-March 2025, Microsoft will start prompting users of its Microsoft 365 apps for Windows to back up their files to OneDrive. [...]
Sergiu Gatlan
Over 37,000 VMware ESXi servers vulnerable to ongoing attacks
3 weeks 5 days ago
Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. [...]
Bill Toulas
Free vCISO Course: Turning MSPs and MSSPs into Cybersecurity Powerhouses
3 weeks 5 days ago
The vCISO Academy is a free learning platform to equip service providers with training needed to build and expand their vCISO offerings. Learn more from Cynomi on how the Academy helps you launch or expand your vCISO services. [...]
Sponsored by Cynomi
Malicious Chrome extensions can spoof password managers in new attack
3 weeks 5 days ago
A newly devised "polymorphic" attack allows malicious Chrome extensions to morph into other browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. [...]
Bill Toulas
Open-source tool 'Rayhunter' helps users detect Stingray attacks
3 weeks 6 days ago
The Electronic Frontier Foundation (EFF) has released a free, open-source tool named Rayhunter that is designed to detect cell-site simulators (CSS), also known as IMSI catchers or Stingrays. [...]
Bill Toulas
Silk Typhoon hackers now target IT supply chains to breach networks
3 weeks 6 days ago
Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. [...]
Bill Toulas
US charges Chinese hackers linked to critical infrastructure breaches
3 weeks 6 days ago
The US Justice Department has charged Chinese state security officers along with APT27 and i-Soon hackers for network breaches and cyberattacks that have targeted victims globally since 2011. [...]
Sergiu Gatlan
BadBox malware disrupted on 500K infected Android devices
3 weeks 6 days ago
The BadBox Android malware botnet has been disrupted again by removing 24 malicious apps from Google Play and sinkholing communications for half a million infected devices. [...]
Bill Toulas
YouTube warns of AI-generated video of its CEO used in phishing attacks
3 weeks 6 days ago
YouTube warns that scammers are using an AI-generated video featuring the company's CEO in phishing attacks to steal creators' credentials. [...]
Sergiu Gatlan
Checked
2 hours 8 minutes ago
BleepingComputer - All Stories
Bleeping Computer. feed