Max severity Argo CD API flaw leaks repository credentials
An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve all repository credentials associated with the…
Category: Bleeping Computer
Financial services firm Wealthsimple discloses data breach
Wealthsimple, a leading Canadian online investment management service, has disclosed a data breach after attackers stole the personal data of an undisclosed number of customers…
Microsoft gives US students a free year of Microsoft 365 Personal
Microsoft announced that starting this Thursday, all college students in the United States can get a free year of Microsoft 365 Personal. For everyone else,…
Critical SAP S/4HANA vulnerability now exploited in attacks
A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn. The flaw, tracked as CVE-2025-42957,…
Chess.com discloses recent data breach via file transfer app
Chess.com has disclosed a data breach after threat actors gained unauthorized access to a third-party file transfer application used by the platform. The incident occurred…
Hackers exploited Sitecore zero-day flaw to deploy backdoors
Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. The flaw, tracked under CVE-2025-53690, is a ViewState…
Texas sues PowerSchool over breach exposing 62M students, 880k Texans
Texas Attorney General Ken Paxton has filed a lawsuit against education software company PowerSchool, which suffered a massive data breach in December that exposed the…
New TP-Link zero-day surfaces as CISA warns other flaws are exploited
TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in…
France slaps Google with €325M fine for violating cookie regulations
The French data protection authority has fined Google €325 million ($378 million) for violating cookie regulations and displaying ads between Gmail users’ emails without their consent. During…
Tire giant Bridgestone confirms cyberattack impacts manufacturing
Car tire giant Bridgestone confirms it is investigating a cyberattack that impacts the operation of some manufacturing facilities in North America. The company believes that its rapid response contained…
Microsoft says recent Windows updates cause app install issues
Microsoft says the August 2025 security updates are triggering unexpected User Account Control (UAC) prompts and app installation issues for non-admin users across all supported…
Threat actors abuse X’s Grok AI to spread malicious links
Threat actors are using Grok, X’s built-in AI assistant, to bypass link posting restrictions that the platform introduced to reduce malicious advertising. As discovered by…