bleepingcomputer

Passwordstate dev urges users to patch auth bypass vulnerability

Click Studios has issued an urgent advisory for users of its Passwordstate password manager to patch a high-severity authentication bypass vulnerability. Passwordstate is used by over 370,000 IT professionals across 29,000 organizations globally.

FreePBX servers hacked via zero-day, emergency fix released

In an advisory posted to the FreePBX forums, the Sangoma FreePBX Security Team warned that since August 21, hackers have been exploiting a zero-day vulnerability in exposed FreePBX administrator control panels.

Auchan retailer data breach impacts hundreds of thousands of customers

French multinational retailer Auchan has disclosed a significant data breach affecting several hundred thousand customers. The breach specifically impacted loyalty accounts, exposing personal data tied to these programs.

New AI attack hides data-theft prompts in downscaled images

An AI-based attack technique enables data theft by embedding malicious prompts within images. These prompts are revealed only after the images are downscaled by AI systems, allowing attackers to inject commands into LLMs without user awareness.

Surge in coordinated scans targets Microsoft RDP auth servers

A surge in coordinated scanning activity has been detected targeting Microsoft RDP Web Access and RDP Web Client authentication portals. This activity involves nearly 1,971 unique IP addresses.

Murky Panda hackers exploit cloud trust to hack downstream customers

Murky Panda has recently compromised cloud service providers to abuse their trusted access to customer environments. In one case, they exploited zero-day vulnerabilities to access a SaaS provider’s cloud infrastructure.

Dev gets 4 years for creating kill switch on ex-employer's systems

Software developer Davis Lu has been sentenced to four years in prison for deploying a kill switch and custom malware in the Windows production environment of his former employer, an Ohio-based company.

Fake Mac fixes trick users into installing new Shamos infostealer

A new macOS infostealer malware named Shamos, developed by the cybercriminal group COOKIE SPIDER, is actively targeting Mac users through deceptive ClickFix attacks. Shamos is a variant of the Atomic macOS Stealer.

DaVita says ransomware gang stole data of nearly 2.7 million people

DaVita Inc., a leading kidney dialysis provider, has confirmed a ransomware attack that compromised the personal and health data of nearly 2.7 million individuals. The Interlock ransomware gang claimed responsibility.

Perplexity’s Comet AI browser tricked into buying fake items online

A recent study has revealed that agentic AI browsers, such as Perplexity’s Comet, are vulnerable to a range of cyberattacks including phishing, prompt injection, and fraudulent e-commerce schemes.
