Windows 11 update breaks Veeam recovery, causes connection errors
Microsoft and Veeam are investigating a known issue that triggers connection errors on Windows 11 24H2 systems when restoring from Veeam Recovery Media. [...]
Bleeping Computer.
Google fixes Chrome zero-day exploited in espionage campaign
6 hours 5 minutes ago
Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian organizations. [...]
Sergiu Gatlan
CrushFTP warns users to patch unauthenticated access flaw immediately
16 hours 36 minutes ago
CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately. [...]
Sergiu Gatlan
Cloudflare R2 service outage caused by password rotation error
17 hours ago
Cloudflare has announced that its R2 object storage and dependent services experienced an outage lasting 1 hour and 7 minutes, causing 100% write and 35% read failures globally. [...]
Bill Toulas
Broadcom warns of authentication bypass in VMware Windows Tools
17 hours 30 minutes ago
Broadcom released security updates today to fix a high-severity authentication bypass vulnerability in VMware Tools for Windows. [...]
Sergiu Gatlan
New Windows zero-day leaks NTLM hashes, gets unofficial patch
18 hours 25 minutes ago
Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer. [...]
Sergiu Gatlan
EncryptHub linked to MMC zero-day attacks on Windows systems
19 hours 56 minutes ago
A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month. [...]
Sergiu Gatlan
Browser-in-the-Browser attacks target CS2 players' Steam accounts
20 hours 55 minutes ago
A new phishing campaign targets Counter-Strike 2 players utilizing Browser-in-the-Browser (BitB) attacks that display a realistic window that mimics Steam's login page. [...]
Bill Toulas
New Android malware uses Microsoft’s .NET MAUI to evade detection
22 hours 55 minutes ago
New Android malware campaigns use Microsoft's cross-platform framework .NET MAUI while disguising as legitimate services to evade detection. [...]
Bill Toulas
23andMe files for bankruptcy, customers advised to delete DNA data
1 day 16 hours ago
California-based genetic testing provider 23andMe has filed for Chapter 11 bankruptcy and plans to sell its assets following years of financial struggles. [...]
Sergiu Gatlan
New VanHelsing ransomware targets Windows, ARM, ESXi systems
1 day 17 hours ago
A new multi-platform ransomware-as-a-service (RaaS) operation named VanHelsing has emerged, targeting Windows, Linux, BSD, ARM, and ESXi systems. [...]
Bill Toulas
Cyberattack takes down Ukrainian state railway’s online services
1 day 18 hours ago
Ukrzaliznytsia, Ukraine's national railway operator, has been hit by a massive cyberattack that disrupted online services for buying tickets both through mobile apps and the website. [...]
Bill Toulas
DrayTek routers worldwide go into reboot loops over weekend
1 day 18 hours ago
Many Internet service providers (ISPs) worldwide are alerting customers of an outage that started Saturday night and triggered DrayTek router connectivity problems. [...]
Sergiu Gatlan
Chinese Weaver Ant hackers spied on telco network for 4 years
1 day 18 hours ago
A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers. [...]
Bill Toulas
Police arrests 300 suspects linked to African cybercrime rings
1 day 20 hours ago
African law enforcement authorities have arrested 306 suspects as part of 'Operation Red Card,' an INTERPOL-led international crackdown targeting cross-border cybercriminal networks. [...]
Sergiu Gatlan
Critical flaw in Next.js lets hackers bypass authorization
1 day 20 hours ago
A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. [...]
Bill Toulas
Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks
1 day 22 hours ago
Acronis Threat Research found 2M+ malicious URLs & 5,000+ malware instances in Microsoft 365 backup data—demonstrating how built-in security isn't always enough. Don't let threats persist in your cloud data. Strengthen your defenses. [...]
Sponsored by Acronis
Google Gemini's Astra (screen sharing) rolls out on Android for some users
2 days 8 hours ago
At MWC 2025, Google confirmed it was working on screen and video share capabilities for Gemini Live, codenamed "Project Astra". At that time, Google promised that the feature would begin rolling out soon, and now some users have spotted it in the wild. [...]
Mayank Parmar
FBI warnings are true—fake file converters do push malware
2 days 22 hours ago
The FBI is warning that fake online document converters are being used to steal people's information and, in worst-case scenarios, lead to ransomware attacks. [...]
Lawrence Abrams
Cloudflare now blocks all unencrypted traffic to its API endpoints
3 days 21 hours ago
Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. [...]
Bill Toulas
Checked
3 hours 48 minutes ago
BleepingComputer - All Stories
Bleeping Computer. feed