@www.bleepingcomputer.com@rss-parrot.net
I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline! Brought to you by the RSS Parrot.
---
BleepingComputer - All Stories
Site URL: www.bleepingcomputer.com/
Feed URL: www.bleepingcomputer.com/feed
Posts: 64
Followers: 1
CISA orders feds to patch Windows flaw exploited as zero-day
Published: April 29, 2026 10:29
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. [...]
Microsoft says backend change broke Teams Free chat and calls
Published: April 29, 2026 08:38
Microsoft is working to resolve a known issue that prevents some Microsoft Teams Free users from chatting and calling others. [...]
Broken VECT 2.0 ransomware acts as a data wiper for large files
Published: April 28, 2026 21:25
Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypt them. [...]
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Published: April 28, 2026 21:07
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability  tracked as CVE-2026-42208. [...]
Video service Vimeo confirms Anodot breach exposed user data
Published: April 28, 2026 19:04
Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company. [...]
US reportedly charges Scattered Spider hacker arrested in Finland
Published: April 28, 2026 15:39
A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective. [...]
Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
Published: April 28, 2026 14:50
Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. [...]
Microsoft to deprecate legacy TLS in Exchange Online starting July
Published: April 28, 2026 13:18
Microsoft says it will start blocking legacy TLS connections for POP and IMAP email clients in Exchange Online starting in July 2026. [...]
Inside an OPSEC Playbook: How Threat Actors Evade Detection
Published: April 28, 2026 12:50
Threat actors are now publishing structured OPSEC playbooks to stay undetected. Flare reveals how these guides outline layered infrastructure, identity separation, and long-term evasion strategies. [...]
Microsoft: New Remote Desktop warnings may display incorrectly
Published: April 28, 2026 09:51
Microsoft has confirmed a new issue causing newly introduced Windows security warnings to display incorrectly when opening Remote Desktop (.rdp) files. [...]
Microsoft asks iPhone users to reauthenticate after Outlook outage
Published: April 28, 2026 08:37
After addressing a widespread outage that affected Outlook.com users worldwide on Monday, Microsoft has asked iPhone users to re-enter their credentials to regain access to their Outlook and Hotmail accounts via the default Mail app. [...]
Robinhood account creation flaw abused to send phishing emails
Published: April 27, 2026 23:11
Online trading platform Robinhood's account creation process was exploited by threat actors to inject phishing messages into legitimate emails, tricking users into believing their accounts had suspicious activity. [...]
GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions
Published: April 27, 2026 21:41
A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious after an update. [...]
Canada arrests three for operating âSMS blasterâ device in Toronto
Published: April 27, 2026 20:00
Canadian authorities have arrested three men for operating an "SMS blaster" device that pretends to be a cellular tower to send phishing texts to nearby phones. [...]
Alleged Silk Typhoon hacker extradited to US for cyberespionage
Published: April 27, 2026 19:56
A Chinese national accused of carrying out cyberespionage operations for China's intelligence services has been extradited from Italy to the United States to face criminal charges. [...]
FTC: Americans lost over $2.1 billion to social media scams in 2025
Published: April 27, 2026 16:27
The U.S. Federal Trade Commission (FTC) warned of a massive increase in losses from social media scams since 2020, exceeding $2.1 billion in 2025. [...]
PyPI package with 1.1M monthly downloads hacked to push infostealer
Published: April 27, 2026 15:17
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. [...]
Home security giant ADT data breach affects 5.5 million people
Published: April 27, 2026 14:43
The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant ADT earlier this month, according to data breach notification service Have I Been Pwned. [...]
Webinar: Spotting cyberattacks before they begin
https://www.bleepingcomputer.com/news/security/webinar-spotting-cyberattacks-before-they-begin/
Published: April 27, 2026 14:25
On Thursday, April 30 at 2:00 PM ET, BleepingComputer will host a live webinar with threat intelligence company Flare and threat intelligence researcher Tammy Harper, exploring how security teams can identify early warning signs of attacks before theyâŚ
Medtronic confirms breach after hackers claim 9 million records theft
Published: April 27, 2026 13:50
Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in "certain corporate IT systems." [...]
Money launderer linked to $230M crypto heist gets 70 months in prison
Published: April 27, 2026 13:01
â22-year-old Evan Tangeman of Newport Beach, California, was sentenced to 70 months in prison for laundering funds stolen in a massive $230 million cryptocurrency heist. [...]
Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know
Published: April 27, 2026 13:00
Three seconds of audio is all it takes to clone a voice for fraud. Adaptive Security shows how deepfake calls trick employees into sending real moneyâand why most defenses don't catch them. [...]
Microsoft says Outlook.com outage is causing signâin failures
Published: April 27, 2026 12:03
Microsoft is investigating an ongoing Outlook.com outage that is causing intermittent signing issues and preventing customers from accessing their mailboxes. [...]
American utility firm Itron discloses breach of internal IT network
Published: April 26, 2026 14:22
Itron, Inc. has disclosed, via an 8-K filing with the U.S. Securities and Exchange Commission (SEC), a cybersecurity incident in which an unauthorized third party accessed certain internal systems. [...]
Microsoft rolls out revamped Windows Insider Program
Published: April 25, 2026 17:07
Microsoft says it's rolling out a revamped Windows Insider Program experience as part of the broader plans to address performance and reliability concerns affecting Windows 11. [...]
Threat actor uses Microsoft Teams to deploy new âSnowâ malware
Published: April 25, 2026 15:07
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a browser extension, a tunneler, and a backdoor. [...]
ADT confirms data breach after ShinyHunters leak threat
Published: April 24, 2026 22:53
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. [...]
Firestarter malware survives Cisco firewall updates, security patches
Published: April 24, 2026 20:34
Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software. [...]
Windows Update gets new controls to reduce forced restarts
Published: April 24, 2026 20:08
Microsoft is rolling out Windows Update improvements that give users more control over how updates are installed while reducing disruption from frequent or poorly timed restarts. [...]
New BlackFile extortion group linked to surge of vishing attacks
Published: April 24, 2026 18:26
A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026. [...]
Microsoft to roll out Entra passkeys on Windows in late April
Published: April 24, 2026 18:13
Microsoft will roll out passkey support for phishing-resistant passwordless authentication to Microsoft Entraâprotected resources from Windows devices starting late April. [...]
New âPack2TheRootâ flaw gives hackers root Linux access
Published: April 24, 2026 17:28
A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or remove system packages and gain root permissions. [...]
DORA and operational resilience: Credential management as a financial risk control
Published: April 24, 2026 14:10
Article 9 of DORA makes authentication and access control a legal obligation for EU financial entities. Here is what the regulation requires, and what a breach looks like when those controls are missing. [...]
Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
Published: April 24, 2026 13:35
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw. [...]
Microsoft now lets admins uninstall Copilot on enterprise devices
Published: April 24, 2026 11:38
Microsoft says IT administrators can now uninstall the AI-powered Copilot digital assistant from enterprise devices using a new policy setting, which has become broadly available after the April 2026 Patch Tuesday. [...]
Hackers exploit file upload bug in Breeze Cache WordPress plugin
Published: April 23, 2026 21:33
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. [...]
Bitwarden CLI npm package compromised to steal developer credentials
Published: April 23, 2026 19:21
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. [...]
Trigona ransomware attacks use custom exfiltration tool to steal data
Published: April 23, 2026 18:59
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. [...]
New Checkmarx supply-chain breach affects KICS analysis tool
Published: April 23, 2026 16:05
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. [...]
Cosmetics giant Rituals discloses data breach affecting customers
Published: April 23, 2026 14:16
Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number of customers from its "My Rituals" membership database. [...]
Regular Password Resets Arenât as Safe as You Think
https://www.bleepingcomputer.com/news/security/regular-password-resets-arent-as-safe-as-you-think/
Published: April 23, 2026 14:10
Password resets are one of the easiest ways for attackers to bypass security controls. Specops Software shows how helpdesk social engineering turns a seemingly legitimate reset request into full account compromise. [...]
Microsoft: Some Teams users canât join meetings after Edge update
Published: April 23, 2026 13:18
Microsoft confirmed that a recent Microsoft Edge browser update introduced a bug that prevents Windows users from joining Teams meetings. [...]
UK warns of Chinese hackers using proxy networks to evade detection
Published: April 23, 2026 12:28
The United Kingdom's National Cyber Security Centre (NCSC-UK) and international partners warned that China-nexus hackers are increasingly using large-scale proxy networks of hijacked consumer devices to evade detection and disguise their maliciousâŚ
New GopherWhisper APT group abuses Outlook, Slack, Discord for comms
Published: April 23, 2026 12:06
A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, Slack, and Discord in attacks against government entities. [...]
CISA orders feds to patch BlueHammer flaw exploited as zero-day
Published: April 23, 2026 11:05
CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks. [...]
Apple fixes iOS bug that retained deleted notification data
Published: April 22, 2026 20:58
Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked for deletion to remain stored on the device. [...]
New Mirai campaign exploits RCE flaw in EoL D-Link routers
Published: April 22, 2026 20:04
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. [...]
Kyber ransomware gang toys with post-quantum encryption on Windows
Published: April 22, 2026 18:52
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption. [...]
Spain dismantles major $4.7M manga piracy platform, arrests four
Published: April 22, 2026 15:06
The Spanish police have dismantled the largest Spanish-language manga piracy platform, operating since 2014, with millions of monthly users from around the globe. [...]
Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process
Published: April 22, 2026 14:01
Fraud operations now operate like call centers, complete with hiring, training, and performance tracking. Flare reveals how cybercriminals manage "Caller-as-a-Service" operations like a professional sales team. [...]
New npm supply-chain attack self-spreads to steal auth tokens
Published: April 22, 2026 12:57
A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. [...]
Microsoft Teams to get efficiency mode on PCs with limited resources
Published: April 22, 2026 12:24
Microsoft is preparing to roll out a new Efficiency Mode for Microsoft Teams for systems with limited CPU and memory resources to improve app responsiveness. [...]
Microsoft traces Universal Print issues to Graph API code change
Published: April 22, 2026 10:15
Microsoft says that an ongoing Universal Print sharing issue that prevents users from creating some printer shares is due to a Microsoft Graph API code change. [...]
New GoGra malware for Linux uses Microsoft Graph API for comms
Published: April 22, 2026 10:00
A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. [...]
Microsoft releases emergency patches for critical ASP.NET flaw
Published: April 22, 2026 08:08
Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. [...]
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
Published: April 22, 2026 06:53
Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks. [...]
French govt agency confirms breach as hacker offers to sell data
Published: April 21, 2026 21:46
France Titres, the government agency in France for issuing and managince administrative documents has disclosed a data breach after a threat actor claimed the attack and stealing citizen data. [...]
New Lotus data wiper used against Venezuelan energy, utility firms
Published: April 21, 2026 18:38
A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela. [...]
Stopping Fraud at Each Stage of the Customer Journey Without Adding Friction
Published: April 21, 2026 14:02
Fraud prevention and user experience don't have to be a tradeoff. IPQS shows how combining identity, device, and network signals stops fraud without adding friction. [...]
UK probes Telegram, teen chat sites over CSAM sharing concerns
Published: April 21, 2026 13:49
Ofcom, the United Kingdom's independent communications regulator, has launched an investigation into Telegram based on evidence suggesting it's being used to share child sexual abuse material (CSAM). [...]
CISA flags new SD-WAN flaw as actively exploited in attacks
Published: April 21, 2026 12:30
âCISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. [...]
Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
Published: April 21, 2026 11:17
Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. [...]
Former ransomware negotiator pleads guilty to BlackCat attacks
Published: April 21, 2026 10:12
41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. [...]
NGate Android malware uses HandyPay NFC app to steal card data
Published: April 21, 2026 09:00
A new variant of the NGate malware that steals NFC payment data is targeting Android users by hiding in a trojanized version of HandyPay, a legitimate mobile payments processing tool. [...]