Bleeping Computer.

​Microsoft announced today that Windows 10 home users can delay the switch to Windows 11 for one more year if they're willing to pay $30 for Extended Security Updates (ESU). [...]

​Microsoft is investigating a new Windows 11 issue that causes the Task Manager to say there are zero running apps and background processes. [...]

The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow unauthenticated site visitors to gain admin rights. [...]

qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the app. [...]

Microsoft has fixed a known issue that prevents some apps launched from non-admin accounts from starting on Windows 10 22H2 systems after installing the September preview cumulative update. [...]

A phishing campaign dubbed 'Phish n' Ships' has been underway since at least 2019, infecting over a thousand legitimate online stores to promote fake product listings for hard-to-find items. [...]

A commissioned study conducted by Forrester Consulting on behalf of Cynet in October 2024 found that Cynet's All-in-One Cybersecurity Platform generated $2.73 million in savings, paying for itself in under six months, for a return on investment of 426%. [...]

The popular LottieFiles Lotti-Player project was compromised in a supply chain attack to inject a crypto drainer into websites that steals visitors' cryptocurrency. [...]

LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so they can be emptied. [...]

​Interbank, one of Peru's leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online. [...]

​Microsoft says it will improve security across Entra tenants where security defaults are enabled by making multifactor authentication (MFA) registration mandatory. [...]

QNAP has fixed a second zero-day vulnerability exploited at the Pwn2Own Ireland 2024 hacking contest to gain a root shell and take over a TS-464 NAS device. [...]

The North Korean state-sponsored hacking group tracked as 'Andariel' has been linked to the Play ransomware operation, using the RaaS to work behind the scenes and evade sanctions. [...]

A new version of the FakeCall malware for Android hijacks outgoing calls from a user to their bank, redirecting them to the attacker's phone number instead. [...]

A global large-scale dubbed "EmeraldWhale" exploited misconfigured Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories. [...]

The Federal Bureau of Investigation (FBI) is warning of multiple schemes taking advantage of the upcoming U.S. general election to scam people out of their money or personal data. [...]

Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target's NTLM credentials remotely. [...]

Over 22,000 CyberPanel instances exposed online to a critical remote code execution (RCE) vulnerability were mass-targeted in a PSAUX ransomware attack that took almost all instances offline. [...]

QNAP has fixed a critical zero-day vulnerability exploited by security researchers on Thursday to hack a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. [...]

The United States announced charges today against Maxim Rudometov, a Russian national, for being the suspected developer and administrator of the RedLine malware operation, one of the most prolific infostealers over the past few years. [...]