The zero-day that could’ve compromised every Cursor and Windsurf user
A security researcher from Koi Security stumbled upon a critical zero-day buried deep in the infrastructure powering today’s AI coding tools. Had it been exploited,…
Category: Bleeping Computer
Windows 11 now uses JScript9Legacy engine for improved security
Microsoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later. The…
PerfektBlue Bluetooth flaws impact Mercedes, Volkswagen, Skoda cars
Four vulnerabilities dubbed PerfektBlue and affecting the BlueSDK Bluetooth stack from OpenSynergy can be exploited to achieve remote code execution and potentially allow access to critical elements…
Russian pro basketball player arrested for alleged role in ransomware attacks
Russian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States for allegedly acting as a negotiator for a ransomware…
Best practices for passwords, MFA & access control
Imagine your organization has just won a contract to handle sensitive law-enforcement data – you might be a cloud provider, a software vendor, or an…
Four arrested in UK over M&S, Co-op, Harrod cyberattacks
The UK’s National Crime Agency (NCA) arrested four people suspected of being involved in cyberattacks on major retailers in the country, including Marks & Spencer,…
Microsoft Authenticator on iOS moves backups fully to iCloud
Microsoft is rolling out a new backup system in September for its Authenticator app on iOS, removing the requirement to use a Microsoft personal account…
Microsoft confirms Windows Server Update Services (WSUS) sync is broken
Microsoft has confirmed a widespread issue in Windows Server Update Services (WSUS) that prevents organizations from syncing with Microsoft Update and deploying the latest Windows…
Qantas confirms data breach impacts 5.7 million customers
Australian airline Qantas has confirmed that 5.7 million people have been impacted by a recent data breach, in which threat actors stole customers’ data. On…
Google reveals details on Android’s Advanced Protection for Chrome
Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements. The tech giant recently extended…
Bitcoin Depot breach exposes data of nearly 27,000 crypto users
Bitcoin Depot, an operator of Bitcoin ATMs, is notifying customers of a data breach incident that has exposed their sensitive information. In the letter sent…
New ServiceNow flaw lets attackers enumerate restricted data
A new vulnerability in ServiceNow, dubbed Count(er) Strike, allows low-privileged users to extract sensitive data from tables to which they should not have access. ServiceNow…