Category: Bleeping Computer

Okta
23
Jan
2026

Okta SSO accounts targeted in vishing-based data theft attacks

Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks. BleepingComputer has learned that these…

Share: X : Okta SSO accounts targeted in vishing-based data theft attacksFacebook : Okta SSO accounts targeted in vishing-based data theft attacksLinkedin : Okta SSO accounts targeted in vishing-based data theft attacksReddit : Okta SSO accounts targeted in vishing-based data theft attacksTelegram : Okta SSO accounts targeted in vishing-based data theft attacksWhatsApp : Okta SSO accounts targeted in vishing-based data theft attacksEmail : Okta SSO accounts targeted in vishing-based data theft attacks
SmarterMail auth bypass flaw now exploited to hijack admin accounts
22
Jan
2026

SmarterMail auth bypass flaw now exploited to hijack admin accounts

Hackers began exploiting an authentication bypass vulnerability in SmarterTools’ SmarterMail email server and collaboration tool that allows resetting admin passwords….

Share: X : SmarterMail auth bypass flaw now exploited to hijack admin accountsFacebook : SmarterMail auth bypass flaw now exploited to hijack admin accountsLinkedin : SmarterMail auth bypass flaw now exploited to hijack admin accountsReddit : SmarterMail auth bypass flaw now exploited to hijack admin accountsTelegram : SmarterMail auth bypass flaw now exploited to hijack admin accountsWhatsApp : SmarterMail auth bypass flaw now exploited to hijack admin accountsEmail : SmarterMail auth bypass flaw now exploited to hijack admin accounts
curl
22
Jan
2026

Curl ending bug bounty program after flood of AI slop reports

The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug…

Share: X : Curl ending bug bounty program after flood of AI slop reportsFacebook : Curl ending bug bounty program after flood of AI slop reportsLinkedin : Curl ending bug bounty program after flood of AI slop reportsReddit : Curl ending bug bounty program after flood of AI slop reportsTelegram : Curl ending bug bounty program after flood of AI slop reportsWhatsApp : Curl ending bug bounty program after flood of AI slop reportsEmail : Curl ending bug bounty program after flood of AI slop reports
Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks
22
Jan
2026

INC ransomware opsec fail allowed data recovery for 12 US orgs

An operational security failure allowed researchers to recover data that the INC ransomware gang stole from a dozen U.S. organizations….

Share: X : INC ransomware opsec fail allowed data recovery for 12 US orgsFacebook : INC ransomware opsec fail allowed data recovery for 12 US orgsLinkedin : INC ransomware opsec fail allowed data recovery for 12 US orgsReddit : INC ransomware opsec fail allowed data recovery for 12 US orgsTelegram : INC ransomware opsec fail allowed data recovery for 12 US orgsWhatsApp : INC ransomware opsec fail allowed data recovery for 12 US orgsEmail : INC ransomware opsec fail allowed data recovery for 12 US orgs
Microsoft Teams
22
Jan
2026

Microsoft Teams to add brand impersonation warnings to calls

Microsoft will soon add new fraud protection features to Teams calls, warning users about external callers who attempt to impersonate…

Share: X : Microsoft Teams to add brand impersonation warnings to callsFacebook : Microsoft Teams to add brand impersonation warnings to callsLinkedin : Microsoft Teams to add brand impersonation warnings to callsReddit : Microsoft Teams to add brand impersonation warnings to callsTelegram : Microsoft Teams to add brand impersonation warnings to callsWhatsApp : Microsoft Teams to add brand impersonation warnings to callsEmail : Microsoft Teams to add brand impersonation warnings to calls
Specops Laptop with a lock on the screen
22
Jan
2026

Why Active Directory password resets are surging in hybrid work

Back when everyone worked in the office, password resets were annoying but manageable. If someone forgot their credentials, they walked…

Share: X : Why Active Directory password resets are surging in hybrid workFacebook : Why Active Directory password resets are surging in hybrid workLinkedin : Why Active Directory password resets are surging in hybrid workReddit : Why Active Directory password resets are surging in hybrid workTelegram : Why Active Directory password resets are surging in hybrid workWhatsApp : Why Active Directory password resets are surging in hybrid workEmail : Why Active Directory password resets are surging in hybrid work
Mcrosoft
22
Jan
2026

Microsoft updates Notepad and Paint with more AI features

Microsoft is rolling out new artificial intelligence features with the latest updates to the Notepad and Paint apps for Windows…

Share: X : Microsoft updates Notepad and Paint with more AI featuresFacebook : Microsoft updates Notepad and Paint with more AI featuresLinkedin : Microsoft updates Notepad and Paint with more AI featuresReddit : Microsoft updates Notepad and Paint with more AI featuresTelegram : Microsoft updates Notepad and Paint with more AI featuresWhatsApp : Microsoft updates Notepad and Paint with more AI featuresEmail : Microsoft updates Notepad and Paint with more AI features
Pwn2Own Automotive Tokyo
22
Jan
2026

Hackers exploit 29 zero-days on second day of Pwn2Own Automotive

On the second day of Pwn2Own Automotive 2026, security researchers collected $439,250 in cash awards after exploiting 29 unique zero-days….

Share: X : Hackers exploit 29 zero-days on second day of Pwn2Own AutomotiveFacebook : Hackers exploit 29 zero-days on second day of Pwn2Own AutomotiveLinkedin : Hackers exploit 29 zero-days on second day of Pwn2Own AutomotiveReddit : Hackers exploit 29 zero-days on second day of Pwn2Own AutomotiveTelegram : Hackers exploit 29 zero-days on second day of Pwn2Own AutomotiveWhatsApp : Hackers exploit 29 zero-days on second day of Pwn2Own AutomotiveEmail : Hackers exploit 29 zero-days on second day of Pwn2Own Automotive
Fortinet
22
Jan
2026

Hackers breach Fortinet FortiGate devices, steal firewall configs

Fortinet FortiGate devices are being targeted in automated attacks that create rogue accounts and steal firewall configuration data, according to cybersecurity…

Share: X : Hackers breach Fortinet FortiGate devices, steal firewall configsFacebook : Hackers breach Fortinet FortiGate devices, steal firewall configsLinkedin : Hackers breach Fortinet FortiGate devices, steal firewall configsReddit : Hackers breach Fortinet FortiGate devices, steal firewall configsTelegram : Hackers breach Fortinet FortiGate devices, steal firewall configsWhatsApp : Hackers breach Fortinet FortiGate devices, steal firewall configsEmail : Hackers breach Fortinet FortiGate devices, steal firewall configs
New Android malware uses AI to click on hidden browser ads
22
Jan
2026

New Android malware uses AI to click on hidden browser ads

A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact with specific advertisement…

Share: X : New Android malware uses AI to click on hidden browser adsFacebook : New Android malware uses AI to click on hidden browser adsLinkedin : New Android malware uses AI to click on hidden browser adsReddit : New Android malware uses AI to click on hidden browser adsTelegram : New Android malware uses AI to click on hidden browser adsWhatsApp : New Android malware uses AI to click on hidden browser adsEmail : New Android malware uses AI to click on hidden browser ads
Email spam
22
Jan
2026

Zendesk ticket systems hijacked in massive global spam wave

People worldwide are being targeted by a massive spam wave originating from unsecured Zendesk support systems, with victims reporting receiving…

Share: X : Zendesk ticket systems hijacked in massive global spam waveFacebook : Zendesk ticket systems hijacked in massive global spam waveLinkedin : Zendesk ticket systems hijacked in massive global spam waveReddit : Zendesk ticket systems hijacked in massive global spam waveTelegram : Zendesk ticket systems hijacked in massive global spam waveWhatsApp : Zendesk ticket systems hijacked in massive global spam waveEmail : Zendesk ticket systems hijacked in massive global spam wave
Cisco
22
Jan
2026

Cisco fixes Unified Communications RCE zero day exploited in attacks

Cisco has fixed a critical Unified Communications and Webex Calling remote code execution vulnerability, tracked as CVE-2026-20045, that has been actively…

Share: X : Cisco fixes Unified Communications RCE zero day exploited in attacksFacebook : Cisco fixes Unified Communications RCE zero day exploited in attacksLinkedin : Cisco fixes Unified Communications RCE zero day exploited in attacksReddit : Cisco fixes Unified Communications RCE zero day exploited in attacksTelegram : Cisco fixes Unified Communications RCE zero day exploited in attacksWhatsApp : Cisco fixes Unified Communications RCE zero day exploited in attacksEmail : Cisco fixes Unified Communications RCE zero day exploited in attacks