Panera warns of employee data breach after March ransomware attack
U.S. food chain giant Panera Bread is notifying employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware…
Category: Bleeping Computer
Toronto District School Board hit by a ransomware attack
The Toronto District School Board (TDSB) is warning that it suffered a ransomware attack on its software testing environment and is now investigating whether any…
Google patches exploited Android zero-day on Pixel devices
Update June 13, 13:01 EDT: GrapheneOS says CVE-2024-32896 is the same as CVE-2024-29748. Google added a new CVE ID to track the Pixel fix for CVE-2024-29748, a…
Exploit for Veeam Recovery Orchestrator auth bypass available, patch now
A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in…
YouTube tests harder-to-block server-side ad injection in videos
YouTube reportedly now injects ads directly into video streams to make it more difficult for ad blockers to block advertisements. The report comes from SponsorBlock,…
Phishing emails abuse Windows search protocol to push malicious scripts
A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware.…
AWS adds passkeys support, warns root users must enable MFA
Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability. Additionally, as announced…
Google warns of actively exploited Pixel firmware zero-day
Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks…
CISA warns of criminals impersonating its employees in phone calls
Image: Midjourney Today, the Cybersecurity and Infrastructure Security Agency (CISA) warned that criminals are impersonating its employees in phone calls and attempting to deceive potential…
New phishing toolkit uses PWAs to steal login credentials
A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms…
Life360 says hacker tried to extort them after Tile data breach
Safety and location services company Life360 says it was the target of an extortion attempt after a threat actor breached and stole sensitive information from…
Microsoft deprecates Windows DirectAccess, recommends Always On VPN
Microsoft has announced that the DirectAccess remote access solution is now deprecated and will be removed in a future release of Windows, recommending companies migrate…