Stryker attack wiped tens of thousands of devices, no malware needed
Last week’s cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices. The…
Category: Bleeping Computer
OpenAI says ChatGPT ads are not rolling out globally for now
OpenAI told BleepingComputer that ChatGPT ads are not yet rolling out outside the US, even though some users noticed references to ads in the updated…
Betterleaks, a new open-source secrets scanner to replace Gitleaks
A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules. Secret scanners are…
Veeam warns of critical flaws exposing backup servers to RCE attacks
Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities. VBR is…
Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
Microsoft has released an out-of-band (OOB) update to fix a security vulnerabilities affecting Windows 11 Enterprise devices that receive hotpatch updates instead of the regular…
AI-generated Slopoly malware used in Interlock ransomware attack
A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than…
England Hockey investigating ransomware data breach
England Hockey, the governing body for field hockey in England, is investigating a potential data breach after the AiLock ransomware gang listed it as a…
Canadian retail giant Loblaw notifies customers of data breach
Loblaw Companies Limited (Loblaw), the largest food and pharmacy retailer in Canada, announced that hackers breached a portion of its IT network and accessed basic…
Google fixes two new Chrome zero-days exploited in attacks
Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. “Google is aware that exploits for both CVE-2026-3909 &…
Starbucks discloses data breach affecting hundreds of employees
Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts. As the world’s largest…
Fake enterprise VPN sites used to steal company credentials
A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal VPN credentials from unsuspecting users. The attackers…
AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code
The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. The payload can intercept cryptocurrency…