Man arrested for demanding reward after accidental police data leak
Dutch authorities arrested a 40-year-old man after he downloaded confidential documents that had been mistakenly shared by the police and refused to delete them unless…
Category: Bleeping Computer
Eurail says stolen traveler data now up for sale on dark web
Eurail B.V., the operator that provides access to 250,000 kilometers of European railways, confirmed that data stolen in a breach earlier this year is being offered…
Infostealer malware found stealing OpenClaw secrets for first time
With the massive adoption of the OpenClaw agentic AI assistant, information-stealing malware has been spotted stealing files associated with the framework that contain API keys, authentication…
CISA gives feds 3 days to patch actively exploited BeyondTrust flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies on Friday to secure their BeyondTrust Remote Support instances against an actively exploited vulnerability within three…
Google patches first Chrome zero-day exploited in attacks this year
Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start…
Canada Goose investigating as hackers leak 600K customer records
ShinyHunters, a well-known data extortion group, claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related data. Canada Goose told…
New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS
Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS…
Windows 11 KB5077181 fixes boot failures linked to failed updates
Microsoft says it has resolved a Windows 11 bug that caused some commercial systems to fail to boot with an “UNMOUNTABLE_BOOT_VOLUME” error after installing recent…
Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
CTM360 reports that more than 4,000 malicious Google Groups and 3,500 Google-hosted URLs are being used in an active malware campaign targeting global organizations. The…
Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps
Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers…
Fake job recruiters hide malware in developer coding challenges
A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. The activity has…
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack
Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. At least two…