Musician admits to $10M streaming royalty fraud using AI bots
North Carolina musician Michael Smith has pleaded guilty to collecting over $10 million in royalty payments through a massive streaming royalty fraud scheme on Spotify,…
Category: Bleeping Computer
Bitrefill blames North Korean Lazarus group for cyberattack
Crypto-powered gift card store Bitrefill says that the attack it suffered at the beginning of the month was likely perpetrated by North Korean hackers of…
Navia discloses data breach impacting 2.7 million people
Navia Benefit Solutions, Inc. (Navia) is informing nearly 2.7 million individuals of a data breach that exposed their sensitive information to attackers. An investigation into…
New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores
A newly disclosed vulnerability dubbed ‘PolyShell’ affects all Magento Open Source and Adobe Commerce stable version 2 installations, allowing unauthenticated code execution and account takeover.…
Russian hackers exploit Zimbra flaw in Ukrainian govt attacks
Hackers part of APT28, a state-backed threat group linked to Russia’s military intelligence service (GRU), are exploiting a Zimbra Collaboration Suite (ZCS) vulnerability in attacks…
New ‘Perseus’ Android malware checks user notes for secrets
A new Android malware called Perseus is checking user-curated notes to steal sensitive information, like passwords, recovery phrases, or financial data. Distributed over unofficial stores…
CISA orders feds to patch Zimbra XSS flaw exploited in attacks
CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS). Zimbra is a very…
Aura confirms data breach exposing 900,000 marketing contacts
Identity protection company Aura has confirmed that an unauthorized party gained access to nearly 900,000 customer records containing names and email addresses. The company states…
ConnectWise patches new flaw allowing ScreenConnect hijacking
ConnectWise is warning ScreenConnect customers of a cryptographic signature verification vulnerability that could lead to unauthorized access and privilege escalation. The flaw affects ScreenConnect versions before…
New font-rendering trick hides malicious commands from AI tools
A new font-rendering attack causes AI assistants to miss malicious commands shown on webpages by hiding them in seemingly harmless HTML. The technique relies on…
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Researchers…
Apple pushes first Background Security Improvements update to fix WebKit flaw
Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a…