SAP patches second zero-day flaw exploited in recent attacks
SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day. [...]
Bleeping Computer.
North Korea ramps up cyberspying in Ukraine to assess war risk
3 weeks 6 days ago
The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. [...]
Bill Toulas
Twilio denies breach following leak of alleged Steam 2FA codes
3 weeks 6 days ago
Twilio has denied in a statement for BleepingComputer that it was breached after a threat actor claimed to be holding over 89 million Steam user records with one-time access codes. [...]
Bill Toulas
Ivanti fixes EPMM zero-days chained in code execution attacks
3 weeks 6 days ago
Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution. [...]
Sergiu Gatlan
Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws
3 weeks 6 days ago
Today is Microsoft's May 2025 Patch Tuesday, which includes security updates for 72 flaws, including five actively exploited and two publicly disclosed zero-day vulnerabilities. [...]
Lawrence Abrams
Windows 11 KB5058411 and KB5058405 cumulative updates released
3 weeks 6 days ago
Microsoft has released Windows 11 KB5058411 and KB5058405 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...]
Mayank Parmar
Android 16 expands 'Advanced Protection' with device-level security
3 weeks 6 days ago
Google is announcing improvements for the Advanced Protection feature in Android 16 that strengthen defenses against sophisticated spyware attacks. [...]
Bill Toulas
Windows 10 KB5058379 update fixes SgrmBroker errors in Event Viewer
3 weeks 6 days ago
Microsoft has released the KB5058379 cumulative update for Windows 10 22H2 and Windows 10 21H2, with four fixes and changes, including one for an SGRMBroker bug. [...]
Lawrence Abrams
Fortinet fixes critical zero-day exploited in FortiVoice attacks
3 weeks 6 days ago
Fortinet released security updates to patch a critical remote code execution vulnerability exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. [...]
Sergiu Gatlan
Ivanti warns of critical Neurons for ITSM auth bypass flaw
4 weeks ago
Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability. [...]
Sergiu Gatlan
New Intel CPU flaws leak sensitive data from privileged memory
4 weeks ago
A new "Branch Privilege Injection" flaw in all modern Intel CPUs allows attackers to leak sensitive data from memory regions allocated to privileged software like the operating system kernel. [...]
Bill Toulas
Microsoft will update Office apps on Windows 10 until 2028
4 weeks ago
Microsoft has backtracked on its plan to end support for Office apps on Windows 10 later this year and announced that it will continue providing security updates for three more years, until 2028. [...]
Sergiu Gatlan
Increase Red Team Operations 10X with Adversarial Exposure Validation
4 weeks ago
Red teams uncover what others miss — but they can't be everywhere, all the time. Adversarial Exposure Validation combines BAS + Automated Pentesting to extend red team impact, uncover real attack paths, and validate defenses continuously. Learn more from Picus Security on how AEV can help protect your network. [...]
Sponsored by Picus Security
M&S says customer data stolen in cyberattack, forces password resets
4 weeks ago
Marks and Spencer (M&S) confirms that customer data was stolen in a cyberattack last month, when ransomware was used to encrypt servers. [...]
Bill Toulas
ASUS DriverHub flaw let malicious sites run commands with admin rights
4 weeks ago
The ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed. [...]
Bill Toulas
Windows 11 upgrade block lifted after Safe Exam Browser fix
4 weeks ago
Microsoft has removed an upgrade block that prevented some Safe Exam Browser users from installing the Windows 11 2024 Update due to incompatibility issues. [...]
Sergiu Gatlan
Hackers now testing ClickFix attacks against Linux targets
4 weeks ago
A new campaign employing ClickFix attacks has been spotted targeting both Windows and Linux systems using instructions that make infections on either operating system possible. [...]
Bill Toulas
Output Messenger flaw exploited as zero-day in espionage attacks
4 weeks ago
A Türkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq. [...]
Sergiu Gatlan
Moldova arrests suspect linked to DoppelPaymer ransomware attacks
4 weeks 1 day ago
Moldovan authorities have detained a 45-year-old suspect linked to DoppelPaymer ransomware attacks targeting Dutch organizations in 2021. [...]
Sergiu Gatlan
Google to pay $1.375 billion to settle Texas data privacy violations
4 weeks 1 day ago
Google has agreed to a $1.375 billion settlement with the state of Texas over a 2022 lawsuit that alleged it had been collecting and using biometric data of millions of Texans without properly acquiring their consent. [...]
Bill Toulas
Checked
5 hours 33 minutes ago
BleepingComputer - All Stories
Bleeping Computer. feed