Nike investigates data breach after extortion gang leaks files
Nike is investigating what it described as a “potential cyber security incident” after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen…
Category: Bleeping Computer
The psychology behind modern ransomware extortion
For years, security teams treated ransomware as a technological problem. Security teams hardened backup systems, deployed endpoint detection, practiced incident response playbooks built around data…
Over 6,000 SmarterMail servers exposed to automated hijacking attacks
Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability. Cybersecurity company…
SoundCloud data breach impacts 29.8 million accounts
Hackers have stolen the personal and contact information belonging to over 29.8 million SoundCloud user accounts after breaching the audio streaming platform’s systems. SoundCloud was…
New malware service guarantees phishing extensions on Chrome web store
A new malware-as-a-service (MaaS) called ‘Stanley’ promises malicious Chrome extensions that can clear Google’s review process and publish them to the Chrome Web Store. Researchers at…
New ClickFix attacks abuse Windows App-V scripts to push malware
A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V) script to ultimately deliver the Amatera infostealing malware.…
Microsoft patches actively exploited Office zero-day vulnerability
Microsoft has released emergency out-of-band security updates to patch a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The security feature bypass vulnerability, tracked as…
Cloudflare misconfiguration behind recent BGP route leak
Cloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12…
EU launches investigation into X over Grok-generated sexual images
The European Commission announced today that it has launched formal proceedings under the Digital Services Act to investigate whether X properly assessed risks before deploying…
Nearly 800,000 Telnet servers exposed to remote attacks
Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils…
6 Okta security settings you might have overlooked
In today’s SaaS-first organizations, identity providers like Okta hold the digital keys to the kingdom. As organizations continue to consolidate their authentication through SSO platforms…
Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies
The defense mechanisms that NPM introduced after the ‘Shai-Hulud’ supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies. Collectively called PackageGate, the…