FTC finalizes order requiring GoDaddy to secure hosting services
The U.S. Federal Trade Commission (FTC) has finalized an order requiring web hosting giant GoDaddy to secure its services to settle charges of data security…
Category: Bleeping Computer
Signal now blocks Microsoft Recall screenshots on Windows 11
Signal has updated its Windows app to protect users’ privacy by blocking Microsoft’s AI-powered Recall feature from taking screenshots of their conversations. This new privacy…
Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE
Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. Three security issues,…
Critical Samlify SSO flaw lets attackers log in as admin
A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses.…
OpenAI hints at a big upgrade for ChatGPT Operator Agent
ChatGPT’s Operator, which is still in research preview, will soon become a “very useful tool,” according to Jerry Tworek, VP of Research at OpenAI. OpenAI…
Russian hackers breach orgs to track aid routes to Ukraine
A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts…
Russia to enforce location tracking app on all foreigners in Moscow
The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. The new…
3AM ransomware uses spoofed IT calls, email bombing to breach networks
A 3AM ransomware affiliate is conducting highly targeted attacks using email bombing and spoofed IT support calls to socially engineer employees into giving credentials for…
Lumma infostealer malware operation disrupted, 2,300 domains seized
Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands of domains and part of its infrastructure backbone worldwide.…
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to…
A Security-First Approach to Closing Vulnerability Windows
Patching vulnerabilities is one of the most basic principles of cybersecurity — and one of the hardest to execute consistently and securely at scale. In…
Trojanized RVTools push Bumblebee malware in SEO poisoning campaign
Update 5/20/25 4:40 PM EST: In response to our questions about the attack, Dell states that the malicious RVTools installer was not distributed from its sites but…