Cloud attacks exploit flaws more than weak credentials
Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks…
Category: Bleeping Computer
Ericsson US discloses data breach after service provider hack
Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to an undisclosed number of employees and…
ShinyHunters claims ongoing Salesforce Aura data theft attacks
Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more data than intended. However,…
Microsoft Teams will tag third-party bots trying to join meetings
Microsoft says Teams will soon automatically tag third-party bots in lobbies, allowing organizers to control whether they can join meetings. As detailed in a new…
Microsoft still working to fix Windows Explorer white flashes
Microsoft has confirmed that it’s still working to fully address a known issue that causes bright white flashes when opening the File Explorer on some…
FBI warns of phishing attacks impersonating US city, county officials
The Federal Bureau of Investigation (FBI) warns that criminals are impersonating U.S. officials in phishing attacks targeting businesses and individuals who request city and county…
Why Password Audits Miss the Accounts Attackers Actually Want
Password audits are a standard part of most security programs. They help organizations demonstrate compliance, reduce obvious risk, and confirm that basic controls are in…
Hackers abuse .arpa DNS and ipv6 to evade phishing defenses
Threat actors are abusing the special-use “.arpa” domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email…
EU court adviser says banks must immediately refund phishing victims
Athanasios Rantos, the Advocate General of the Court of Justice of the EU (CJEU), has issued a formal opinion suggesting that banks must immediately refund account…
Google says 90 zero-days were exploited in attacks last year
Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances. The figure is…
FBI arrests suspect linked to $46M crypto theft from US Marshals
A U.S. government contractor’s son, accused of stealing more than $46 million in cryptocurrency from the U.S. Marshals Service, was arrested Wednesday on the island…
WordPress membership plugin bug exploited to create admin accounts
Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites. Developed by WPEverest,…