Category: Bleeping Computer

Weakness in Google
21
Apr
2025

Phishers abuse Google OAuth to spoof Google in DKIM replay attack

In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered…

Share: X : Phishers abuse Google OAuth to spoof Google in DKIM replay attackFacebook : Phishers abuse Google OAuth to spoof Google in DKIM replay attackLinkedin : Phishers abuse Google OAuth to spoof Google in DKIM replay attackReddit : Phishers abuse Google OAuth to spoof Google in DKIM replay attackTelegram : Phishers abuse Google OAuth to spoof Google in DKIM replay attackWhatsApp : Phishers abuse Google OAuth to spoof Google in DKIM replay attackEmail : Phishers abuse Google OAuth to spoof Google in DKIM replay attack
Monitors
21
Apr
2025

WordPress ad-fraud plugins generated 1.4 billion ad requests per day

A large-scale ad fraud operation called ‘Scallywag’ is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that…

Share: X : WordPress ad-fraud plugins generated 1.4 billion ad requests per dayFacebook : WordPress ad-fraud plugins generated 1.4 billion ad requests per dayLinkedin : WordPress ad-fraud plugins generated 1.4 billion ad requests per dayReddit : WordPress ad-fraud plugins generated 1.4 billion ad requests per dayTelegram : WordPress ad-fraud plugins generated 1.4 billion ad requests per dayWhatsApp : WordPress ad-fraud plugins generated 1.4 billion ad requests per dayEmail : WordPress ad-fraud plugins generated 1.4 billion ad requests per day
Microsoft with a red background
20
Apr
2025

Widespread Microsoft Entra lockouts tied to new security feature rollout

Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft…

Share: X : Widespread Microsoft Entra lockouts tied to new security feature rolloutFacebook : Widespread Microsoft Entra lockouts tied to new security feature rolloutLinkedin : Widespread Microsoft Entra lockouts tied to new security feature rolloutReddit : Widespread Microsoft Entra lockouts tied to new security feature rolloutTelegram : Widespread Microsoft Entra lockouts tied to new security feature rolloutWhatsApp : Widespread Microsoft Entra lockouts tied to new security feature rolloutEmail : Widespread Microsoft Entra lockouts tied to new security feature rollout
Stopwatch
20
Apr
2025

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now

Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute…

Share: X : Critical Erlang/OTP SSH RCE bug now has public exploits, patch nowFacebook : Critical Erlang/OTP SSH RCE bug now has public exploits, patch nowLinkedin : Critical Erlang/OTP SSH RCE bug now has public exploits, patch nowReddit : Critical Erlang/OTP SSH RCE bug now has public exploits, patch nowTelegram : Critical Erlang/OTP SSH RCE bug now has public exploits, patch nowWhatsApp : Critical Erlang/OTP SSH RCE bug now has public exploits, patch nowEmail : Critical Erlang/OTP SSH RCE bug now has public exploits, patch now
Credit Cards
20
Apr
2025

New Android malware steals your credit cards for NFC relay attacks

A new malware-as-a-service (MaaS) platform named ‘SuperCard X’ has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale…

Share: X : New Android malware steals your credit cards for NFC relay attacksFacebook : New Android malware steals your credit cards for NFC relay attacksLinkedin : New Android malware steals your credit cards for NFC relay attacksReddit : New Android malware steals your credit cards for NFC relay attacksTelegram : New Android malware steals your credit cards for NFC relay attacksWhatsApp : New Android malware steals your credit cards for NFC relay attacksEmail : New Android malware steals your credit cards for NFC relay attacks
Gemini AI
19
Apr
2025

Google Gemini AI is getting ChatGPT-like Scheduled Actions feature

Google Gemini is testing a ChatGPT-like scheduled tasks feature called “Scheduled Actions,” which will allow you to automate tasks. As…

Share: X : Google Gemini AI is getting ChatGPT-like Scheduled Actions featureFacebook : Google Gemini AI is getting ChatGPT-like Scheduled Actions featureLinkedin : Google Gemini AI is getting ChatGPT-like Scheduled Actions featureReddit : Google Gemini AI is getting ChatGPT-like Scheduled Actions featureTelegram : Google Gemini AI is getting ChatGPT-like Scheduled Actions featureWhatsApp : Google Gemini AI is getting ChatGPT-like Scheduled Actions featureEmail : Google Gemini AI is getting ChatGPT-like Scheduled Actions feature
ASUS
18
Apr
2025

ASUS warns of critical auth bypass flaw in routers using AiCloud

ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform…

Share: X : ASUS warns of critical auth bypass flaw in routers using AiCloudFacebook : ASUS warns of critical auth bypass flaw in routers using AiCloudLinkedin : ASUS warns of critical auth bypass flaw in routers using AiCloudReddit : ASUS warns of critical auth bypass flaw in routers using AiCloudTelegram : ASUS warns of critical auth bypass flaw in routers using AiCloudWhatsApp : ASUS warns of critical auth bypass flaw in routers using AiCloudEmail : ASUS warns of critical auth bypass flaw in routers using AiCloud
Hacker
18
Apr
2025

Interlock ransomware gang pushes fake IT tools in ClickFix attacks

The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on…

Share: X : Interlock ransomware gang pushes fake IT tools in ClickFix attacksFacebook : Interlock ransomware gang pushes fake IT tools in ClickFix attacksLinkedin : Interlock ransomware gang pushes fake IT tools in ClickFix attacksReddit : Interlock ransomware gang pushes fake IT tools in ClickFix attacksTelegram : Interlock ransomware gang pushes fake IT tools in ClickFix attacksWhatsApp : Interlock ransomware gang pushes fake IT tools in ClickFix attacksEmail : Interlock ransomware gang pushes fake IT tools in ClickFix attacks
ChatGPT
18
Apr
2025

OpenAI details ChatGPT-o3, o4-mini, o4-mini-high usage limits

OpenAI has launched three new reasoning models – o3, o4-mini, and o4-mini-high for Plus and Pro subscribers, but as it…

Share: X : OpenAI details ChatGPT-o3, o4-mini, o4-mini-high usage limitsFacebook : OpenAI details ChatGPT-o3, o4-mini, o4-mini-high usage limitsLinkedin : OpenAI details ChatGPT-o3, o4-mini, o4-mini-high usage limitsReddit : OpenAI details ChatGPT-o3, o4-mini, o4-mini-high usage limitsTelegram : OpenAI details ChatGPT-o3, o4-mini, o4-mini-high usage limitsWhatsApp : OpenAI details ChatGPT-o3, o4-mini, o4-mini-high usage limitsEmail : OpenAI details ChatGPT-o3, o4-mini, o4-mini-high usage limits
FBI
18
Apr
2025

Scammers pose as FBI IC3 employees to ‘help’ recover lost funds

The FBI warns that scammers impersonating FBI Internet Crime Complaint Center (IC3) employees offer to “help” fraud victims recover money lost…

Share: X : Scammers pose as FBI IC3 employees to ‘help’ recover lost fundsFacebook : Scammers pose as FBI IC3 employees to ‘help’ recover lost fundsLinkedin : Scammers pose as FBI IC3 employees to ‘help’ recover lost fundsReddit : Scammers pose as FBI IC3 employees to ‘help’ recover lost fundsTelegram : Scammers pose as FBI IC3 employees to ‘help’ recover lost fundsWhatsApp : Scammers pose as FBI IC3 employees to ‘help’ recover lost fundsEmail : Scammers pose as FBI IC3 employees to ‘help’ recover lost funds
SonicWall
18
Apr
2025

SonicWall SMA VPN devices targeted in attacks since January

A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least…

Share: X : SonicWall SMA VPN devices targeted in attacks since JanuaryFacebook : SonicWall SMA VPN devices targeted in attacks since JanuaryLinkedin : SonicWall SMA VPN devices targeted in attacks since JanuaryReddit : SonicWall SMA VPN devices targeted in attacks since JanuaryTelegram : SonicWall SMA VPN devices targeted in attacks since JanuaryWhatsApp : SonicWall SMA VPN devices targeted in attacks since JanuaryEmail : SonicWall SMA VPN devices targeted in attacks since January
RAT malware
18
Apr
2025

Chinese hackers target Russian govt with upgraded RAT malware

Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware. Security researchers…

Share: X : Chinese hackers target Russian govt with upgraded RAT malwareFacebook : Chinese hackers target Russian govt with upgraded RAT malwareLinkedin : Chinese hackers target Russian govt with upgraded RAT malwareReddit : Chinese hackers target Russian govt with upgraded RAT malwareTelegram : Chinese hackers target Russian govt with upgraded RAT malwareWhatsApp : Chinese hackers target Russian govt with upgraded RAT malwareEmail : Chinese hackers target Russian govt with upgraded RAT malware