Cloudflare now blocks all unencrypted traffic to its API endpoints
Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. The move prevents unencrypted API requests…
Category: Bleeping Computer
FBI warnings are true—fake file converters do push malware
The FBI is warning that fake online document converters are being used to steal peoples’ information and, in worst-case scenarios, to deploy ransomware on victims’…
Microsoft Trust Signing service abused to code-sign malware
Cybercriminals are abusing Microsoft’s Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. Threat actors have long sought after code-signing certificates as they can…
Coinbase was primary target of recent GitHub Actions breaches
Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories.…
Oracle denies breach after hacker claims theft of 6 million data records
Oracle denies it was breached after a threat actor claimed to be selling 6 million data records allegedly stolen from the company’s Oracle Cloud federated…
Exchange Online bug mistakenly quarantines user emails
Microsoft is investigating an Exchange Online bug causing anti-spam systems to mistakenly quarantine some users’ emails. According to a new incident report added to the Microsoft…
Fake Semrush ads used to steal SEO professionals’ Google accounts
A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials. Malwarebytes researcher Jerome Segura and SEO…
US removes sanctions against Tornado Cash crypto mixer
The U.S. Department of Treasury announced today that it has removed sanctions against Tornado Cash, a cryptocurrency mixer used by North Korean Lazarus hackers to launder…
Steam pulls game demo infecting Windows with info-stealing malware
Valve has removed from its Steam store the game title ‘Sniper: Phantom’s Resolution’ following multiple users reporting that the demo installer infected their systems with information…
Veeam RCE bug lets domain users hack backup servers, patch now
Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. The flaw was disclosed…
CISA tags NAKIVO backup flaw as actively exploited in attacks
CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO’s Backup & Replication software. Tracked as CVE-2024-48248,…
VSCode extensions found downloading early-stage ransomware
Two malicious VSCode Marketplace extensions were found deploying in-development ransomware, exposing critical gaps in Microsoft’s review process. The extensions, named “ahban.shiba” and “ahban.cychelloworld,” were downloaded…