New HTTP/2 DoS attack can crash web servers with a single connection
Newly discovered HTTP/2 protocol vulnerabilities called “CONTINUATION Flood” can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in…
Category: Bleeping Computer
6 Prompts You Don’t Want Employees Putting in Microsoft Copilot
Crowned the greatest productivity tool in the age of AI, Microsoft Copilot is a powerful asset for companies today. But with great power comes great…
Google fixes two Pixel zero-day flaws exploited by forensics firms
Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within…
Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack
The U.S. Department of Homeland Security’s Cyber Safety Review Board (CSRB) has released a scathing report on how Microsoft handled its 2023 Exchange Online attack,…
Hosting firm’s VMware ESXi servers hit by new SEXi ransomware
Chilean data center and hosting provider IxMetro Powerhost has suffered a cyberattack at the hands of a new ransomware gang known as SEXi, which encrypted…
Omni Hotels confirms cyberattack behind ongoing IT outage
Omni Hotels & Resorts has confirmed a cyberattack caused a nationwide IT outage that is still affecting its locations. In response to this incident, Omni…
SurveyLama data breach exposes info of 4.4 million users
Data breach alerting service Have I Been Pwned (HIBP) warns that SurveyLama suffered a data breach in February 2024, which exposed the sensitive data of…
Jackson County in state of emergency after ransomware attack
Jackson County, Missouri, is in a state of emergency after a ransomware attack took down some county services on Tuesday. “Jackson County has confirmed a…
AT&T faces lawsuits over data breach affecting 73 million customers
AT&T is facing multiple class-action lawsuits following the company’s admission to a massive data breach that exposed the sensitive data of 73 million current and…
Google fixes one more Chrome zero-day exploited at Pwn2Own
Google has fixed another zero-day vulnerability in the Chrome browser, which was exploited by security researchers during the Pwn2Own hacking contest last month. Tracked as…
US State Department investigates alleged theft of government data
The U.S. Department of State is investigating claims of a cyber incident after a threat actor leaked documents allegedly stolen from a government contractor. Acuity,…
Critical flaw in LayerSlider WordPress plugin impacts 1 million sites
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates…