Mandiant details how ShinyHunters abuse SSO to steal cloud data
Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal…
Category: Bleeping Computer
Researcher reveals evidence of private Instagram profiles leaking photos
A security researcher has published detailed evidence showing that some Instagram private profiles returned links to user photos to unauthenticated visitors. Instagram’s private account feature…
Crypto wallets received a record $158 billion in illicit funds last year
Illegal cryptocurrency flows reached a record $158 billion in 2025, reversing a three-year trend of declining amounts from $86B in 2021 to $64B in 2024.…
Operation Switch Off dismantles major pirate TV streaming services
The latest phase of the global law enforcement action resulted in seizing three industrial-scale illegal IPTV services. The operation, coordinated by Europol, Eurojust, and Interpol,…
Microsoft to disable NTLM by default in future Windows releases
Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks.…
Microsoft fixes Outlook bug blocking access to encrypted emails
Microsoft has fixed a known issue that prevented Microsoft 365 customers from opening encrypted emails in classic Outlook after a December update. This bug affects users…
Windows 11 KB5074105 update fixes boot, sign-in, and activation issues
Microsoft has released the KB5074105 preview cumulative update for Windows 11 systems, which includes 32 changes, including fixes for sign-in, boot, and activation issues. KB5074105…
Microsoft links Windows 11 boot failures to failed December 2025 update
Microsoft has linked recent reports of Windows 11 boot failures after installing the January 2026 updates to previously failed attempts to install the December 2025…
Ivanti warns of two EPMM flaws exploited in zero-day attacks
Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. The flaws are code-injection…
Hugging Face abused to spread thousands of Android malware variants
A new Android malware campaign is using the Hugging Face platform as a repository for thousands of variations of an APK payload that collects credentials…
Google disrupts IPIDEA residential proxy networks fueled by malware
IPIDEA, one of the largest residential proxy networks used by threat actors, was disrupted earlier this week by Google Threat Intelligence Group (GTIG) in collaboration…
Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match
Match Group, the owner of multiple popular online dating services, Tinder, Match.com, Meetic, OkCupid, and Hinge, confirmed a cybersecurity incident that compromised user data. The…