Nostr notes by BleepingComputer

Microsoft has released an emergency update to address a major ...

2026-03-23T08:04:47Z

Microsoft has released an emergency update to address a major issue that breaks sign-ins with Microsoft accounts across multiple Microsoft apps, including Teams and OneDrive.

https://www.bleepingcomputer.com/news/microsoft/new-kb5085516-emergency-update-fixes-microsoft-account-sign-in/

The FBI has seized two websites used by the Handala hacktivist ...

2026-03-19T16:14:27Z

The FBI has seized two websites used by the Handala hacktivist group after the threat actors conducted a destructive cyberattack on medical technology giant Stryker that wiped approximately 80,000 devices.

https://www.bleepingcomputer.com/news/security/fbi-seizes-handala-data-leak-site-after-stryker-cyberattack/

Ubiquiti patched two UniFi Network Application vulnerabilities, ...

2026-03-19T13:00:36Z

Ubiquiti patched two UniFi Network Application vulnerabilities, including a maximum-severity flaw that may allow attackers to take over user accounts.

https://www.bleepingcomputer.com/news/security/ubiquiti-warns-of-unifi-flaw-that-may-enable-account-takeover/

Last week's cyberattack on medical technology giant Stryker ...

2026-03-16T19:17:36Z

Last week's cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices.

https://www.bleepingcomputer.com/news/security/stryker-attack-wiped-tens-of-thousands-of-devices-no-malware-needed/

Microsoft has removed the Samsung Galaxy Connect app from the ...

2026-03-16T13:14:46Z

Microsoft has removed the Samsung Galaxy Connect app from the Microsoft Store because it was causing issues on specific Samsung Galaxy Book 4 and desktop models running Windows 11.

https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-samsung-app-blocking-windows-c-drive-from-store/

OpenAI told BleepingComputer that ChatGPT ads on Free and Go ...

2026-03-15T23:13:42Z

OpenAI told BleepingComputer that ChatGPT ads on Free and Go plans are not yet rolling out outside the United States, even though some users noticed references to ads in the updated privacy policy.

https://www.bleepingcomputer.com/news/artificial-intelligence/openai-says-chatgpt-ads-are-not-rolling-out-globally-for-now/

A new open-source tool called Betterleaks can scan directories, ...

2026-03-15T14:18:13Z

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules.

https://www.bleepingcomputer.com/news/security/betterleaks-a-new-open-source-secrets-scanner-to-replace-gitleaks/

Malicious JavaScript code delivered by the AppsFlyer Web SDK ...

2026-03-14T14:39:14Z

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

https://www.bleepingcomputer.com/news/security/appsflyer-web-sdk-used-to-spread-crypto-stealer-javascript-code/

The FBI is asking gamers who installed Steam titles containing ...

2026-03-13T20:52:46Z

The FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games uploaded to the gaming platform.

https://www.bleepingcomputer.com/news/security/fbi-seeks-victims-of-steam-games-used-to-spread-malware/

Poland's National Centre for Nuclear Research (NCBJ) says ...

2026-03-13T17:11:53Z

Poland's National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact.

https://www.bleepingcomputer.com/news/security/polands-nuclear-research-centre-targeted-by-cyberattack/

An international law enforcement action codenamed "Operation ...

2026-03-13T13:28:46Z

An international law enforcement action codenamed "Operation Synergia III" has sinkholed tens of thousands of IP addresses and seized servers linked to cybercrime operations worldwide.

https://www.bleepingcomputer.com/news/security/police-sinkholes-45-000-ip-addresses-in-cybercrime-crackdown/

A threat actor tracked as Storm-2561 is distributing fake ...

2026-03-13T13:23:41Z

A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal VPN credentials from unsuspecting users.

https://www.bleepingcomputer.com/news/security/fake-enterprise-vpn-downloads-used-to-steal-company-credentials/

Starbucks has disclosed a data breach affecting hundreds of ...

2026-03-13T08:17:08Z

Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts.

https://www.bleepingcomputer.com/news/security/starbucks-discloses-data-breach-affecting-hundreds-of-employees/

Google has released emergency security updates to patch two ...

2026-03-13T06:57:14Z

Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks.

https://www.bleepingcomputer.com/news/google/google-fixes-two-new-chrome-zero-days-exploited-in-attacks/

Still, out of an abundance of caution, Loblaw says it has ...

2026-03-12T21:32:35Z

Still, out of an abundance of caution, Loblaw says it has automatically logged out all customers from their accounts. Account holders who need to access the company's digital services will have to log in again.

https://www.bleepingcomputer.com/news/security/canadian-retail-giant-loblaw-notifies-customers-of-data-breach/

A new malware strain dubbed Slopoly, likely created using ...

2026-03-12T20:01:41Z

A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware attack.

https://www.bleepingcomputer.com/news/security/ai-generated-slopoly-malware-used-in-interlock-ransomware-attack/

Data protection company Veeam Software has patched multiple flaws ...

2026-03-12T16:59:34Z

Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities.

https://www.bleepingcomputer.com/news/security/veeam-warns-of-critical-flaws-exposing-backup-servers-to-rce-attacks/

Law enforcement agencies in the U.S. and Europe along with ...

2026-03-12T16:20:11Z

Law enforcement agencies in the U.S. and Europe along with private partners have disrupted the SocksEscort cybercrime proxy network that used only edge devices compromised via the AVRecon malware for Linux.

https://www.bleepingcomputer.com/news/security/us-disrupts-socksescort-proxy-network-powered-by-linux-malware/

Apple has released security updates to patch older iPhones and ...

2026-03-12T13:44:02Z

Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit.

https://www.bleepingcomputer.com/news/apple/apple-patches-older-iphones-and-ipads-against-coruna-exploits/

Leading medical technology company Stryker has been hit by a ...

2026-03-11T17:21:36Z

Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group.

https://www.bleepingcomputer.com/news/security/medtech-giant-stryker-offline-after-iran-linked-wiper-malware-attack/

Meta is introducing new anti-scam protections across its ...

2026-03-11T13:29:42Z

Meta is introducing new anti-scam protections across its platforms, deploying systems and user-facing warnings to protect users against scammers.

https://www.bleepingcomputer.com/news/security/meta-adds-new-whatsapp-facebook-and-messenger-anti-scam-tools/

For more than a year, a Russian-speaking threat actor targeted ...

2026-03-10T22:58:09Z

For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta.

https://www.bleepingcomputer.com/news/security/new-blacksanta-edr-killer-spotted-targeting-hr-departments/

A new Android malware named BeatBanker can hijack devices and ...

2026-03-10T21:28:18Z

A new Android malware named BeatBanker can hijack devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store.

https://www.bleepingcomputer.com/news/security/new-beatbanker-android-malware-poses-as-starlink-app-to-hijack-devices/

Microsoft has released the Windows 10 KB5078885 extended security ...

2026-03-10T18:23:48Z

Microsoft has released the Windows 10 KB5078885 extended security update to fix the March 2026 Patch Tuesday vulnerabilities, including 2 zero-days and an issue that prevent some devices from shutting down.

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5078885-extended-security-update/

Today is Microsoft's March 2026 Patch Tuesday with security ...

2026-03-10T17:50:05Z

Today is Microsoft's March 2026 Patch Tuesday with security updates for 79 flaws, including 2 publicly disclosed zero-day vulnerabilities.

https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2026-patch-tuesday-fixes-2-zero-days-79-flaws/

Microsoft has released Windows 11 KB5079473 and KB5078883 ...

2026-03-10T17:41:53Z

Microsoft has released Windows 11 KB5079473 and KB5078883 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features.

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5079473-and-kb5078883-cumulative-updates-released/

Hewlett Packard Enterprise (HPE) has patched multiple security ...

2026-03-10T17:30:50Z

Hewlett Packard Enterprise (HPE) has patched multiple security vulnerabilities in the Aruba Networking AOS-CX operating system, including several authentication and code execution issues.

https://www.bleepingcomputer.com/news/security/hpe-warns-of-critical-aos-cx-flaw-allowing-admin-password-resets/

Microsoft is rolling out passkey support for Microsoft Entra on ...

2026-03-10T15:28:12Z

Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, adding phishing-resistant passwordless authentication via Windows Hello.

https://www.bleepingcomputer.com/news/microsoft/microsoft-entra-brings-phishing-resistant-sign-in-to-windows/

A newly discovered botnet malware called KadNap is targeting ...

2026-03-10T15:02:11Z

A newly discovered botnet malware called KadNap is targeting primarily ASUS routers and other edge networking devices to turn them into proxies for malicious traffic.

https://www.bleepingcomputer.com/news/security/new-kadnap-botnet-hijacks-asus-routers-to-fuel-cybercrime-proxy-network/

CISA flagged a high-severity Ivanti Endpoint Manager (EPM) ...

2026-03-10T11:36:28Z

CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks.

https://www.bleepingcomputer.com/news/security/cisa-recently-patched-ivanti-epm-flaw-now-actively-exploited/

Microsoft will turn on hotpatch security updates by default for ...

2026-03-10T10:35:47Z

Microsoft will turn on hotpatch security updates by default for all eligible Windows devices managed through Microsoft Intune and the Microsoft Graph API, beginning with the May 2026 Windows security update.

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-enable-hotpatch-security-updates-by-default-in-may/

The Russian state-sponsored APT28 threat group is using a custom ...

2026-03-10T10:00:14Z

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations.

https://www.bleepingcomputer.com/news/security/apt28-hackers-deploy-customized-variant-of-covenant-open-source-tool/

Hackers contacted employees at financial and healthcare ...

2026-03-09T22:50:51Z

Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor.

https://www.bleepingcomputer.com/news/security/microsoft-teams-phishing-targets-employees-with-backdoors/

Hackers are increasingly exploiting newly disclosed ...

2026-03-09T21:45:50Z

Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.

https://www.bleepingcomputer.com/news/security/google-cloud-attacks-exploit-flaws-more-than-weak-credentials/

Russian state-sponsored hackers have been linked to an ongoing ...

2026-03-09T21:25:03Z

Russian state-sponsored hackers have been linked to an ongoing Signal and WhatsApp phishing campaign targeting government officials, military personnel, and journalists to gain access to sensitive messages.

https://www.bleepingcomputer.com/news/security/dutch-govt-warns-of-signal-whatsapp-account-hijacking-attacks/

Ericsson Inc., the U.S. subsidiary of Swedish networking and ...

2026-03-09T19:08:04Z

Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to an undisclosed number of employees and customers after hacking one of its service providers.

https://www.bleepingcomputer.com/news/security/ericsson-us-discloses-data-breach-after-service-provider-hack/

Microsoft says Teams will soon automatically tag third-party bots ...

2026-03-09T17:13:03Z

Microsoft says Teams will soon automatically tag third-party bots in lobbies, allowing organizers to control whether they can join meetings.

https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-will-tag-third-party-bots-in-meeting-lobbies/

Salesforce is warning customers that hackers are targeting ...

2026-03-09T17:12:36Z

Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more data than intended. However, the ShinyHunters extortion gang claims to be actively exploiting a new bug to steal data from instances.

https://www.bleepingcomputer.com/news/security/shinyhunters-claims-ongoing-salesforce-aura-data-theft-attacks/

The Federal Bureau of Investigation (FBI) warns that criminals ...

2026-03-09T15:31:05Z

The Federal Bureau of Investigation (FBI) warns that criminals are impersonating U.S. officials in phishing attacks targeting businesses and individuals who request city and county planning and zoning permits.

https://www.bleepingcomputer.com/news/security/fbi-warns-of-phishing-attacks-impersonating-us-city-county-officials/

Microsoft has confirmed that it's still working to fully ...

2026-03-09T14:10:32Z

Microsoft has confirmed that it's still working to fully address a known issue that causes bright white flashes when opening the File Explorer on some Windows 11 systems.

https://www.bleepingcomputer.com/news/microsoft/microsoft-still-working-to-fix-windows-explorer-white-flashes/

Athanasios Rantos, the Advocate General of the Court of Justice ...

2026-03-08T15:27:13Z

Athanasios Rantos, the Advocate General of the Court of Justice of the EU (CJEU), has issued a formal opinion suggesting that banks must immediately refund account holders affected by unauthorized transactions, even when it's their fault.

https://www.bleepingcomputer.com/news/legal/eu-court-adviser-says-banks-must-immediately-refund-phishing-victims/

Threat actors are abusing the special-use ".arpa" domain ...

2026-03-08T14:15:16Z

Threat actors are abusing the special-use ".arpa" domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email security gateways.

https://www.bleepingcomputer.com/news/security/hackers-abuse-arpa-dns-and-ipv6-to-evade-phishing-defenses/

Ransomware threat actors tracked as Velvet Tempest are using the ...

2026-03-07T16:15:12Z

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.

https://www.bleepingcomputer.com/news/security/termite-ransomware-breaches-linked-to-clickfix-castlerat-attacks/

Microsoft says threat actors are increasingly using artificial ...

2026-03-07T15:18:11Z

Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale malicious activity, and lower technical barriers across all aspects of a cyberattack.

https://www.bleepingcomputer.com/news/security/microsoft-hackers-abusing-ai-at-every-stage-of-cyberattacks/

TriZetto Provider Solutions, a healthcare IT company that ...

2026-03-06T19:50:36Z

TriZetto Provider Solutions, a healthcare IT company that develops software and services used by health insurers and healthcare providers, has suffered a data breach that exposed the sensitive information of over 3.4 million people.

https://www.bleepingcomputer.com/news/security/cognizant-trizetto-breach-exposes-health-data-of-34-million-patients/

Microsoft will soon begin rolling out a significant upgrade to ...

2026-03-06T14:21:24Z

Microsoft will soon begin rolling out a significant upgrade to Microsoft 365 Backup to speed up recovery by allowing administrators to restore individual files and folders.

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-backup-to-add-file-level-restore-for-faster-recovery/

A Ghanaian national pleaded guilty to his role in a massive fraud ...

2026-03-06T10:08:13Z

A Ghanaian national pleaded guilty to his role in a massive fraud ring that stole over $100 million from victims across the United States through business email compromise attacks and romance scams.

https://www.bleepingcomputer.com/news/security/ghanain-man-pleads-guilty-to-role-in-100-million-fraud-ring/

A China-linked advanced persistent threat actor tracked as ...

2026-03-05T23:20:03Z

A China-linked advanced persistent threat actor tracked as UAT-9244 has been targeting telecommunication service providers in South America since 2024, compromising Windows, Linux, and network-edge devices.

https://www.bleepingcomputer.com/news/security/chinese-state-hackers-target-telcos-with-new-malware-toolkit/

The Wikimedia Foundation suffered a security incident today after ...

2026-03-05T20:42:41Z

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.

https://www.bleepingcomputer.com/news/security/wikipedia-hit-by-self-propagating-javascript-worm-that-vandalized-pages/

Hackers are exploiting a critical vulnerability in the User ...

2026-03-05T18:45:11Z

Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites.

https://www.bleepingcomputer.com/news/security/wordpress-membership-plugin-bug-exploited-to-create-admin-accounts/

A U.S. government contractor's son, accused of stealing ...

2026-03-05T18:36:32Z

A U.S. government contractor's son, accused of stealing more than $46 million in cryptocurrency from the U.S. Marshals Service, was arrested Wednesday on the island of Saint Martin.

https://www.bleepingcomputer.com/news/security/fbi-arrests-suspect-linked-to-46m-crypto-theft-from-us-marshals/

Google Threat Intelligence Group (GTIG) tracked 90 zero-day ...

2026-03-05T15:03:57Z

Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances.

https://www.bleepingcomputer.com/news/security/google-says-90-zero-days-were-exploited-in-attacks-last-year/

Spanish and Ukrainian law enforcement authorities dismantled a ...

2026-03-05T12:39:33Z

Spanish and Ukrainian law enforcement authorities dismantled a criminal ring that exploited war-displaced Ukrainian women to run an online gambling scheme that laundered nearly €4.75 million in illicit proceeds.

https://www.bleepingcomputer.com/news/security/police-dismantles-online-gambling-ring-exploiting-ukrainian-women/

Cisco has flagged two more Catalyst SD-WAN Manager security ...

2026-03-05T10:32:34Z

Cisco has flagged two more Catalyst SD-WAN Manager security flaws as actively exploited in the wild, urging administrators to upgrade vulnerable devices.

https://www.bleepingcomputer.com/news/security/cisco-flags-more-sd-wan-flaws-as-actively-exploited-in-attacks/

A Russian national pleaded guilty to a wire fraud conspiracy ...

2026-03-05T08:34:57Z

A Russian national pleaded guilty to a wire fraud conspiracy charge related to his role in administering the Phobos ransomware operation, which breached hundreds of victims worldwide.

https://www.bleepingcomputer.com/news/security/phobos-ransomware-admin-pleads-guilty-to-wire-fraud-conspiracy/

Bitwarden announced support for logging into Windows 11 devices ...

2026-03-04T22:35:11Z

Bitwarden announced support for logging into Windows 11 devices using passkeys stored in the manager's vault, enabling phishing-resistant authentication.

https://www.bleepingcomputer.com/news/security/bitwarden-adds-support-for-passkey-login-on-windows-11/

A maximum severity vulnerability in the FreeScout helpdesk ...

2026-03-04T21:51:46Z

A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication.

https://www.bleepingcomputer.com/news/security/mail2shell-zero-click-attack-lets-hackers-hijack-freescout-mail-servers/

Microsoft has released the KB5075039 Windows Recovery Environment ...

2026-03-04T21:03:55Z

Microsoft has released the KB5075039 Windows Recovery Environment update for Windows 10 to fix a long-standing issue that prevented some users from accessing the Recovery environment.

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5075039-update-fixes-broken-recovery-environment/

Password management software provider LastPass is warning users ...

2026-03-04T20:44:37Z

Password management software provider LastPass is warning users of a phishing campaign targeting its users with fake unauthorized account access alerts.

https://www.bleepingcomputer.com/news/security/fake-lastpass-support-email-threads-try-to-steal-vault-passwords/

Cisco has released security updates to patch two maximum-severity ...

2026-03-04T19:12:55Z

Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software.

https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access/

A previously undocumented set of 23 iOS exploits named ...

2026-03-04T19:06:26Z

A previously undocumented set of 23 iOS exploits named "Coruna" has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks.

https://www.bleepingcomputer.com/news/security/spyware-grade-coruna-ios-exploit-kit-now-used-in-crypto-theft-attacks/

Customers of restaurants using the HungerRush point-of-sale (POS) ...

2026-03-04T18:44:29Z

Customers of restaurants using the HungerRush point-of-sale (POS) platform say they received emails from a threat actor attempting to extort the company, warning that restaurant and customer data could be exposed if HungerRush fails to respond.

https://www.bleepingcomputer.com/news/security/hacker-mass-mails-hungerrush-extortion-emails-to-restaurant-patrons/

The FBI has seized the LeakBase cybercrime forum, a major online ...

2026-03-04T17:45:02Z

The FBI has seized the LeakBase cybercrime forum, a major online forum used by cybercriminals buy and sell hacking tools and stolen data.

https://www.bleepingcomputer.com/news/security/fbi-seizes-leakbase-cybercrime-forum-data-of-142-000-members/

An international law enforcement operation coordinated by Europol ...

2026-03-04T17:01:40Z

An international law enforcement operation coordinated by Europol has disrupted Tycoon2FA, a major phishing-as-a-service (PhaaS) platform linked to tens of millions of phishing messages each month.

https://www.bleepingcomputer.com/news/security/europol-coordinated-action-disrupts-tycoon2fa-phishing-platform/

The University of Mississippi Medical Center (UMMC) says it has ...

2026-03-04T15:29:09Z

The University of Mississippi Medical Center (UMMC) says it has resumed normal operations, nine days after a ransomware attack blocked access to electronic medical records and took down many of its IT systems.

https://www.bleepingcomputer.com/news/security/mississippi-medical-center-reopens-clinics-hit-by-ransomware-attack/

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ...

2026-03-03T23:40:51Z

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks.

https://www.bleepingcomputer.com/news/security/cisa-flags-vmware-aria-operations-rce-flaw-as-exploited-in-attacks/

The multinational Dutch paint company AkzoNobel has confirmed to ...

2026-03-03T23:01:07Z

The multinational Dutch paint company AkzoNobel has confirmed to BleepingComputer that hackers breached the network of one of its U.S. sites.

https://www.bleepingcomputer.com/news/security/paint-maker-giant-akzonobel-confirms-cyberattack-on-us-site/

Social media giant Facebook is currently experiencing a massive ...

2026-03-03T22:39:09Z

Social media giant Facebook is currently experiencing a massive worldwide outage, preventing users from accessing their accounts.

https://www.bleepingcomputer.com/news/technology/facebook-hit-with-worldwide-outage-stating-accounts-are-unavailable/

Hackers are abusing the legitimate OAuth redirection mechanism to ...

2026-03-03T20:59:33Z

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages.

https://www.bleepingcomputer.com/news/security/microsoft-hackers-abuse-oauth-error-flows-to-spread-malware/

Google Chrome will shift from a four-week to a two-week release ...

2026-03-03T17:24:28Z

Google Chrome will shift from a four-week to a two-week release cycle to roll out new features, bug fixes, and performance improvements more frequently.

https://www.bleepingcomputer.com/news/security/google-chrome-shifts-to-two-week-release-cycle-for-increased-stability/

American data analytics company LexisNexis Legal & ...

2026-03-03T15:41:03Z

American data analytics company LexisNexis Legal & Professional has confirmed to BleepingComputer that hackers breached its servers and accessed some customer and business information.

https://www.bleepingcomputer.com/news/security/lexisnexis-confirms-data-breach-as-hackers-leak-stolen-files/

Amazon has confirmed that three Amazon Web Services (AWS) data ...

2026-03-03T11:45:00Z

Amazon has confirmed that three Amazon Web Services (AWS) data centers in the United Arab Emirates (UAE) and one in Bahrain have been damaged by drone strikes, causing an extensive outage that is still affecting dozens of cloud computing services.

https://www.bleepingcomputer.com/news/technology/amazon-drone-strikes-damaged-aws-data-centers-in-middle-east/

Cloud Imperium Games, the game company behind Star Citizen and ...

2026-03-03T10:50:39Z

Cloud Imperium Games, the game company behind Star Citizen and Squadron 42, says attackers breached systems containing some users' personal information in January.

https://www.bleepingcomputer.com/news/security/star-citizen-game-dev-discloses-breach-affecting-user-data/

The University of Hawaii confirmed that a ransomware gang stole ...

2026-03-03T09:49:04Z

The University of Hawaii confirmed that a ransomware gang stole the data of nearly 1.2 million individuals in August 2025 after breaching its Cancer Center's Epidemiology Division.

https://www.bleepingcomputer.com/news/security/university-of-hawaii-cancer-center-ransomware-attack-affects-nearly-12-million-people/

Google has released security updates to patch 129 Android ...

2026-03-03T08:20:09Z

Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm display component.

https://www.bleepingcomputer.com/news/security/google-patches-android-zero-day-actively-exploited-in-attacks/

Researchers warn that a newly identified open-source AI security ...

2026-03-03T00:06:54Z

Researchers warn that a newly identified open-source AI security testing platform called CyberStrikeAI was used by the same threat actor behind a recent campaign that breached hundreds of Fortinet FortiGate firewalls.

https://www.bleepingcomputer.com/news/security/cyberstrikeai-tool-adopted-by-hackers-for-ai-powered-attacks/

A phishing campaign is using a fake Google Account security page ...

2026-03-02T20:23:55Z

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims' browsers.

https://www.bleepingcomputer.com/news/security/fake-google-security-site-uses-pwa-app-to-steal-credentials-mfa-codes/

A 22-year-old Alabama man pleaded guilty to extortion, ...

2026-03-02T18:54:50Z

A 22-year-old Alabama man pleaded guilty to extortion, cyberstalking, and computer fraud charges after hijacking the social media accounts of hundreds of young women (including minors).

https://www.bleepingcomputer.com/news/security/alabama-man-pleads-guilty-to-hacking-extorting-hundreds-of-women/

A Florida woman was sentenced to 22 months in prison for running ...

2026-03-02T17:30:26Z

A Florida woman was sentenced to 22 months in prison for running a massive years-long scheme to traffic thousands of stolen Microsoft Certificate of Authenticity (COA) labels.

https://www.bleepingcomputer.com/news/security/florida-woman-imprisoned-for-massive-microsoft-license-fraud-scheme/

The United Kingdom's National Cyber Security Centre (NCSC) ...

2026-03-02T15:54:48Z

The United Kingdom's National Cyber Security Centre (NCSC) alerted British organizations to a heightened risk of Iranian cyberattacks amid the ongoing conflict in the Middle East.

https://www.bleepingcomputer.com/news/security/uk-warns-of-iranian-cyberattack-risks-amid-middle-east-conflict/

Claude appears to be having a major outage right now, with ...

2026-03-02T12:23:13Z

Claude appears to be having a major outage right now, with elevated errors reported across all platforms.

https://www.bleepingcomputer.com/news/artificial-intelligence/anthropic-confirms-claude-is-down-in-a-worldwide-outage/

Security researchers have disclosed a high-severity vulnerability ...

2026-03-01T21:45:13Z

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally running instance and take control over it.

https://www.bleepingcomputer.com/news/security/clawjacked-attack-let-malicious-websites-hijack-openclaw-to-steal-data/

Samsung and the State of Texas have reached a settlement ...

2026-03-01T15:24:15Z

Samsung and the State of Texas have reached a settlement agreement over the alleged unlawful collection of content-viewing information through its smart TVs

https://www.bleepingcomputer.com/news/security/samsung-tvs-to-stop-collecting-texans-data-without-express-consent/

A Chrome extension named "QuickLens - Search Screen with ...

2026-02-28T19:19:07Z

A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was compromised to push malware and attempt to steal crypto from thousands of users.

https://www.bleepingcomputer.com/news/security/quicklens-chrome-extension-steals-crypto-shows-clickfix-attack/

South Korea's National Tax Service accidentally exposed the ...

2026-02-28T15:18:13Z

South Korea's National Tax Service accidentally exposed the mnemonic recovery phrase of a seized cryptocurrency wallet in an official press release, allowing hackers to steal 6.4 billion won ($4.8M) worth in cryptocurrency.

https://www.bleepingcomputer.com/news/security/48m-in-crypto-stolen-after-korean-tax-agency-exposes-wallet-seed/

Microsoft is rolling out new Windows 11 Insider Preview builds ...

2026-02-27T20:00:40Z

Microsoft is rolling out new Windows 11 Insider Preview builds that improve security and performance during batch file or CMD script execution.

https://www.bleepingcomputer.com/news/microsoft/microsoft-testing-windows-11-batch-file-security-improvements/

North Korean hackers are deploying newly uncovered tools to move ...

2026-02-27T19:21:39Z

North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance.

https://www.bleepingcomputer.com/news/security/apt37-hackers-use-new-malware-to-breach-air-gapped-networks/

A yearlong Europol-coordinated operation dubbed "Project ...

2026-02-27T18:20:29Z

A yearlong Europol-coordinated operation dubbed "Project Compass" has led to 30 arrests and 179 suspects being tied to "The Com," an online cybercrime collective that targets children and teenagers.

https://www.bleepingcomputer.com/news/security/police-crackdown-on-the-com-cybercrime-gang-leads-to-30-arrests/

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ...

2026-02-27T15:57:58Z

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices.

https://www.bleepingcomputer.com/news/security/cisa-warns-that-resurge-malware-can-be-dormant-on-ivanti-devices/

A Ukrainian man has pleaded guilty to operating OnlyFake, an ...

2026-02-27T12:30:19Z

A Ukrainian man has pleaded guilty to operating OnlyFake, an AI-powered website that generated and sold more than 10,000 photos of fake identification documents to customers worldwide.

https://www.bleepingcomputer.com/news/security/ukrainian-man-pleads-guilty-to-running-ai-powered-fake-id-site/

Google API keys for services like Maps embedded in accessible ...

2026-02-26T20:55:43Z

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data.

https://www.bleepingcomputer.com/news/security/previously-harmless-google-api-keys-now-expose-gemini-ai-data/

Trend Micro has patched two critical Apex One vulnerabilities ...

2026-02-26T17:58:42Z

Trend Micro has patched two critical Apex One vulnerabilities that allow attackers to gain remote code execution (RCE) on vulnerable Windows systems.

https://www.bleepingcomputer.com/news/security/trend-micro-warns-of-critical-apex-one-rce-vulnerabilities/

DIY store chain ManoMano is notifying customers of a data breach ...

2026-02-26T17:35:36Z

DIY store chain ManoMano is notifying customers of a data breach personal data, which was caused by hackers compromising a third-party service provider.

https://www.bleepingcomputer.com/news/security/european-dyi-chain-manomano-data-breach-impacts-38-million-customers/

A critical vulnerability in the Junos OS Evolved network ...

2026-02-26T16:42:25Z

A critical vulnerability in the Junos OS Evolved network operating system running on PTX Series routers from Juniper Networks could allow an unauthenticated attacker to execute code remotely with root privileges.

https://www.bleepingcomputer.com/news/security/critical-juniper-networks-ptx-flaw-allows-full-router-takeover/

French professional football club Olympique de Marseille has ...

2026-02-26T16:11:46Z

French professional football club Olympique de Marseille has confirmed a cyberattack after a threat actor claimed on Monday that it breached the club's systems earlier this month.

https://www.bleepingcomputer.com/news/security/olympique-marseille-football-club-confirms-cyberattack-after-data-leak/

The number of ransomware victims paying threat actors has dropped ...

2026-02-26T14:01:14Z

The number of ransomware victims paying threat actors has dropped to 28% last year, an all-time low, despite a significant increase in the number of claimed attacks.

https://www.bleepingcomputer.com/news/security/ransomware-payment-rate-drops-to-record-low-despite-attack-surge/

Microsoft now allows more enterprise users to restore their ...

2026-02-26T13:04:22Z

Microsoft now allows more enterprise users to restore their personal settings and Microsoft Store apps from a previous Windows 11 device.

https://www.bleepingcomputer.com/news/security/microsoft-expands-windows-restore-to-more-enterprise-devices/

New York Attorney General Letitia James sued video game developer ...

2026-02-26T11:45:03Z

New York Attorney General Letitia James sued video game developer and publisher Valve Corporation for using game loot boxes to facilitate illegal gambling activities among children and teenagers.

https://www.bleepingcomputer.com/news/gaming/new-york-sues-valve-for-promoting-illegal-gambling-via-game-loot-boxes/

American manufacturer of medical devices, UFP Technologies, has ...

2026-02-25T23:02:29Z

American manufacturer of medical devices, UFP Technologies, has disclosed that a cybersecurity incident has compromised its IT systems and data.

https://www.bleepingcomputer.com/news/security/medical-device-maker-ufp-technologies-warns-of-data-stolen-in-cyberattack/

The Microsoft Defender team has discovered a coordinated campaign ...

2026-02-25T21:47:26Z

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, including recruiting coding tests.

https://www.bleepingcomputer.com/news/security/fake-nextjs-job-interview-tests-backdoor-developers-devices/

Nostr notes by BleepingComputer

Microsoft has released an emergency update to address a major ...

The FBI has seized two websites used by the Handala hacktivist ...

Ubiquiti patched two UniFi Network Application vulnerabilities, ...

Last week's cyberattack on medical technology giant Stryker ...

​Microsoft has removed the Samsung Galaxy Connect app from the ...

OpenAI told BleepingComputer that ChatGPT ads on Free and Go ...

A new open-source tool called Betterleaks can scan directories, ...

Malicious JavaScript code delivered by the AppsFlyer Web SDK ...

The FBI is asking gamers who installed Steam titles containing ...

Poland's National Centre for Nuclear Research (NCBJ) says ...

An international law enforcement action codenamed "Operation ...

A threat actor tracked as Storm-2561 is distributing fake ...

Starbucks has disclosed a data breach affecting hundreds of ...

Google has released emergency security updates to patch two ...

Still, out of an abundance of caution, Loblaw says it has ...

A new malware strain dubbed Slopoly, likely created using ...

Data protection company Veeam Software has patched multiple flaws ...

Law enforcement agencies in the U.S. and Europe along with ...

​Apple has released security updates to patch older iPhones and ...

Leading medical technology company Stryker has been hit by a ...

Meta is introducing new anti-scam protections across its ...

For more than a year, a Russian-speaking threat actor targeted ...

A new Android malware named BeatBanker can hijack devices and ...

Microsoft has released the Windows 10 KB5078885 extended security ...

Today is Microsoft's March 2026 Patch Tuesday with security ...

Microsoft has released Windows 11 KB5079473 and KB5078883 ...

Hewlett Packard Enterprise (HPE) has patched multiple security ...

Microsoft is rolling out passkey support for Microsoft Entra on ...

A newly discovered botnet malware called KadNap is targeting ...

CISA flagged a high-severity Ivanti Endpoint Manager (EPM) ...

Microsoft will turn on hotpatch security updates by default for ...

The Russian state-sponsored APT28 threat group is using a custom ...

Hackers contacted employees at financial and healthcare ...

Hackers are increasingly exploiting newly disclosed ...

Russian state-sponsored hackers have been linked to an ongoing ...

Ericsson Inc., the U.S. subsidiary of Swedish networking and ...

Microsoft says Teams will soon automatically tag third-party bots ...

Salesforce is warning customers that hackers are targeting ...

The Federal Bureau of Investigation (FBI) warns that criminals ...

Microsoft has confirmed that it's still working to fully ...

Athanasios Rantos, the Advocate General of the Court of Justice ...

Threat actors are abusing the special-use ".arpa" domain ...

Ransomware threat actors tracked as Velvet Tempest are using the ...

Microsoft says threat actors are increasingly using artificial ...

TriZetto Provider Solutions, a healthcare IT company that ...

Microsoft will soon begin rolling out a significant upgrade to ...

A Ghanaian national pleaded guilty to his role in a massive fraud ...

A China-linked advanced persistent threat actor tracked as ...

The Wikimedia Foundation suffered a security incident today after ...

Hackers are exploiting a critical vulnerability in the User ...

​A U.S. government contractor's son, accused of stealing ...

Google Threat Intelligence Group (GTIG) tracked 90 zero-day ...

Spanish and Ukrainian law enforcement authorities dismantled a ...

​Cisco has flagged two more Catalyst SD-WAN Manager security ...

A Russian national pleaded guilty to a wire fraud conspiracy ...

Bitwarden announced support for logging into Windows 11 devices ...

A maximum severity vulnerability in the FreeScout helpdesk ...

Microsoft has released the KB5075039 Windows Recovery Environment ...

Password management software provider LastPass is warning users ...

Cisco has released security updates to patch two maximum-severity ...

A previously undocumented set of 23 iOS exploits named ...

Customers of restaurants using the HungerRush point-of-sale (POS) ...

The FBI has seized the LeakBase cybercrime forum, a major online ...

An international law enforcement operation coordinated by Europol ...

The University of Mississippi Medical Center (UMMC) says it has ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ...

The multinational Dutch paint company AkzoNobel has confirmed to ...

Social media giant Facebook is currently experiencing a massive ...

Hackers are abusing the legitimate OAuth redirection mechanism to ...

Google Chrome will shift from a four-week to a two-week release ...

American data analytics company LexisNexis Legal & ...

Amazon has confirmed that three Amazon Web Services (AWS) data ...

Cloud Imperium Games, the game company behind Star Citizen and ...

The University of Hawaii confirmed that a ransomware gang stole ...

Google has released security updates to patch 129 Android ...

Researchers warn that a newly identified open-source AI security ...

A phishing campaign is using a fake Google Account security page ...

A 22-year-old Alabama man pleaded guilty to extortion, ...

A Florida woman was sentenced to 22 months in prison for running ...

Microsoft has removed the Samsung Galaxy Connect app from the ...

Apple has released security updates to patch older iPhones and ...

A U.S. government contractor's son, accused of stealing ...

Cisco has flagged two more Catalyst SD-WAN Manager security ...