Aura confirms data breach exposing 900,000 marketing contacts
Identity protection company Aura has confirmed that an unauthorized party gained access to nearly 900,000 customer records containing names and email addresses. The company states…
Category: Bleeping Computer
ConnectWise patches new flaw allowing ScreenConnect hijacking
ConnectWise is warning ScreenConnect customers of a cryptographic signature verification vulnerability that could lead to unauthorized access and privilege escalation. The flaw affects ScreenConnect versions before…
New font-rendering trick hides malicious commands from AI tools
A new font-rendering attack causes AI assistants to miss malicious commands shown on webpages by hiding them in seemingly harmless HTML. The technique relies on…
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Researchers…
Apple pushes first Background Security Improvements update to fix WebKit flaw
Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a…
Europe sanctions Chinese and Iranian firms for cyberattacks
The Council of the European Union has sanctioned three Chinese and Iranian companies and two individuals for cyberattacks targeting devices and critical infrastructure. One of…
Top 5 Things CISOs Need to Do Today to Secure AI Agents
By Itamar Apelblat, Co-Founder and CEO, Token Security Agentic AI represents a once-in-a-generation shift in how organizations operate. AI agents are not copilots. They are…
UK’s Companies House confirms security flaw exposed business data
Companies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on…
CISA flags Wing FTP Server flaw as actively exploited in attacks
CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution…
Stryker attack wiped tens of thousands of devices, no malware needed
Last week’s cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices. The…
OpenAI says ChatGPT ads are not rolling out globally for now
OpenAI told BleepingComputer that ChatGPT ads are not yet rolling out outside the US, even though some users noticed references to ads in the updated…
Betterleaks, a new open-source secrets scanner to replace Gitleaks
A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules. Secret scanners are…