bleepingcomputer

New FileFix attack weaponizes Windows File Explorer for stealthy commands

A new social engineering technique called FileFix has emerged as a variant of the ClickFix attack, leveraging the Windows File Explorer address bar to stealthily execute malicious PowerShell commands.

CoinMarketCap briefly hacked to drain crypto wallets via fake Web3 popup

CoinMarketCap identified a supply chain vulnerability that allowed attackers to inject a malicious wallet drainer script into its homepage. The attack exploited a third-party API used to load a doodle image.

BitoPro exchange links Lazarus hackers to $11 million crypto heist

BitoPro, a Taiwanese cryptocurrency exchange, suffered a cyberattack on May 8, 2025, resulting in the theft of approximately $11 million in digital assets. The attack has been attributed to the North Korean state-sponsored Lazarus Group.

North Korean hackers deepfake execs in Zoom call to spread Mac malware

A new campaign by the North Korean APT group BlueNoroff (also known as TA444 or Sapphire Sleet) leverages deepfake videos of company executives during Zoom calls to distribute custom macOS malware.

Erie Insurance confirms cyberattack behind business disruptions

Erie Insurance and its management company, Erie Indemnity Company, have confirmed a cyberattack that caused significant business disruptions and service outages beginning on June 7.

Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws

Microsoft's June 2025 Patch Tuesday addresses 66 vulnerabilities, including one actively exploited and one publicly disclosed zero-day. Ten of the vulnerabilities are rated as Critical.

Malware found in NPM packages with 1 million weekly downloads

A major supply chain attack has compromised 16 popular Gluestack 'react-native-aria' packages on NPM, affecting nearly 960,000 weekly downloads. The attack involves the injection of obfuscated remote access trojan (RAT) code.

Tax resolution firm Optima Tax Relief hit by ransomware, data leaked

Optima Tax Relief, a prominent U.S.-based tax resolution firm, has been targeted in a ransomware attack by the Chaos ransomware gang. The attackers employed a double-extortion strategy, encrypting servers and exfiltrating sensitive data.

Critical Fortinet flaws now exploited in Qilin ransomware attacks

Qilin RaaS is now exploiting two critical Fortinet vulnerabilities—CVE-2024-21762 and CVE-2024-55591—to bypass authentication and deploy ransomware. These impacted high-profile organizations and are currently targeting Spanish-speaking countries

Old AT&T data leak repackaged to link SSNs, DOBs to 49M phone numbers

A previously known data breach involving AT&T has resurfaced in a repackaged form, with threat actors re-releasing the stolen data from 2021. The updated dataset now includes decrypted Social Security Numbers and dates of birth.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags