Category: Bleeping Computer

Hewlett Packard Enterprise HPE
18
Dec
2025

HPE warns of maximum severity RCE flaw in OneView software

Hewlett Packard Enterprise (HPE) has patched a maximum-severity vulnerability in its HPE OneView software that enables attackers to execute arbitrary code…

Share: X : HPE warns of maximum severity RCE flaw in OneView softwareFacebook : HPE warns of maximum severity RCE flaw in OneView softwareLinkedin : HPE warns of maximum severity RCE flaw in OneView softwareReddit : HPE warns of maximum severity RCE flaw in OneView softwareTelegram : HPE warns of maximum severity RCE flaw in OneView softwareWhatsApp : HPE warns of maximum severity RCE flaw in OneView softwareEmail : HPE warns of maximum severity RCE flaw in OneView software
Windows
18
Dec
2025

Recent Windows updates break RemoteApp connections

Microsoft has confirmed that recent Windows updates trigger RemoteApp connection failures on Windows 11 24H2/25H2 and Windows Server 2025 devices…

Share: X : Recent Windows updates break RemoteApp connectionsFacebook : Recent Windows updates break RemoteApp connectionsLinkedin : Recent Windows updates break RemoteApp connectionsReddit : Recent Windows updates break RemoteApp connectionsTelegram : Recent Windows updates break RemoteApp connectionsWhatsApp : Recent Windows updates break RemoteApp connectionsEmail : Recent Windows updates break RemoteApp connections
Amazon: Ongoing cryptomining campaign uses hacked AWS accounts
18
Dec
2025

Ongoing cryptomining campaign uses hacked AWS accounts

Amazon’s AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic Container Service…

Share: X : Ongoing cryptomining campaign uses hacked AWS accountsFacebook : Ongoing cryptomining campaign uses hacked AWS accountsLinkedin : Ongoing cryptomining campaign uses hacked AWS accountsReddit : Ongoing cryptomining campaign uses hacked AWS accountsTelegram : Ongoing cryptomining campaign uses hacked AWS accountsWhatsApp : Ongoing cryptomining campaign uses hacked AWS accountsEmail : Ongoing cryptomining campaign uses hacked AWS accounts
Zeroday Cloud hacking event awards $320,0000 for 11 zero days
18
Dec
2025

Zeroday Cloud hacking event awards $320,0000 for 11 zero days

The Zeroday Cloud hacking competition in London has awarded researchers $320,000 for demonstrating critical remote code execution vulnerabilities in components used…

Share: X : Zeroday Cloud hacking event awards $320,0000 for 11 zero daysFacebook : Zeroday Cloud hacking event awards $320,0000 for 11 zero daysLinkedin : Zeroday Cloud hacking event awards $320,0000 for 11 zero daysReddit : Zeroday Cloud hacking event awards $320,0000 for 11 zero daysTelegram : Zeroday Cloud hacking event awards $320,0000 for 11 zero daysWhatsApp : Zeroday Cloud hacking event awards $320,0000 for 11 zero daysEmail : Zeroday Cloud hacking event awards $320,0000 for 11 zero days
France
18
Dec
2025

France arrests suspect tied to cyberattack on Interior Ministry

French authorities arrested a 22-year-old suspect on Tuesday for a cyberattack that targeted France’s Ministry of the Interior earlier this…

Share: X : France arrests suspect tied to cyberattack on Interior MinistryFacebook : France arrests suspect tied to cyberattack on Interior MinistryLinkedin : France arrests suspect tied to cyberattack on Interior MinistryReddit : France arrests suspect tied to cyberattack on Interior MinistryTelegram : France arrests suspect tied to cyberattack on Interior MinistryWhatsApp : France arrests suspect tied to cyberattack on Interior MinistryEmail : France arrests suspect tied to cyberattack on Interior Ministry
WhatsApp device linking abused in account hijacking attacks ?
17
Dec
2025

WhatsApp device linking abused in account hijacking attacks

Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing….

Share: X : WhatsApp device linking abused in account hijacking attacksFacebook : WhatsApp device linking abused in account hijacking attacksLinkedin : WhatsApp device linking abused in account hijacking attacksReddit : WhatsApp device linking abused in account hijacking attacksTelegram : WhatsApp device linking abused in account hijacking attacksWhatsApp : WhatsApp device linking abused in account hijacking attacksEmail : WhatsApp device linking abused in account hijacking attacks
Cisco
17
Dec
2025

Cisco warns of unpatched AsyncOS zero-day exploited in attacks

​Cisco warned customers today of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG)…

Share: X : Cisco warns of unpatched AsyncOS zero-day exploited in attacksFacebook : Cisco warns of unpatched AsyncOS zero-day exploited in attacksLinkedin : Cisco warns of unpatched AsyncOS zero-day exploited in attacksReddit : Cisco warns of unpatched AsyncOS zero-day exploited in attacksTelegram : Cisco warns of unpatched AsyncOS zero-day exploited in attacksWhatsApp : Cisco warns of unpatched AsyncOS zero-day exploited in attacksEmail : Cisco warns of unpatched AsyncOS zero-day exploited in attacks
SonicWall
17
Dec
2025

Sonicwall warns of new SMA1000 zero-day exploited in attacks

SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in…

Share: X : Sonicwall warns of new SMA1000 zero-day exploited in attacksFacebook : Sonicwall warns of new SMA1000 zero-day exploited in attacksLinkedin : Sonicwall warns of new SMA1000 zero-day exploited in attacksReddit : Sonicwall warns of new SMA1000 zero-day exploited in attacksTelegram : Sonicwall warns of new SMA1000 zero-day exploited in attacksWhatsApp : Sonicwall warns of new SMA1000 zero-day exploited in attacksEmail : Sonicwall warns of new SMA1000 zero-day exploited in attacks
Critical React2Shell flaw exploited in ransomware attacks
17
Dec
2025

Critical React2Shell flaw exploited in ransomware attacks

A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting…

Share: X : Critical React2Shell flaw exploited in ransomware attacksFacebook : Critical React2Shell flaw exploited in ransomware attacksLinkedin : Critical React2Shell flaw exploited in ransomware attacksReddit : Critical React2Shell flaw exploited in ransomware attacksTelegram : Critical React2Shell flaw exploited in ransomware attacksWhatsApp : Critical React2Shell flaw exploited in ransomware attacksEmail : Critical React2Shell flaw exploited in ransomware attacks
MFA Thumbprint
17
Dec
2025

Your MFA Is Costing You Millions. It Doesn’t Have To.

Token’s Wireless Biometrics Pay for Themselves Starting Day One For nearly twenty years enterprises have been told the same thing….

Share: X : Your MFA Is Costing You Millions. It Doesn’t Have To.Facebook : Your MFA Is Costing You Millions. It Doesn’t Have To.Linkedin : Your MFA Is Costing You Millions. It Doesn’t Have To.Reddit : Your MFA Is Costing You Millions. It Doesn’t Have To.Telegram : Your MFA Is Costing You Millions. It Doesn’t Have To.WhatsApp : Your MFA Is Costing You Millions. It Doesn’t Have To.Email : Your MFA Is Costing You Millions. It Doesn’t Have To.
Windows
17
Dec
2025

Microsoft asks IT admins to reach out for Windows IIS failures fix

Microsoft has asked businesses to reach out for advice on how to temporarily mitigate a known Message Queuing (MSMQ) issue causing enterprise apps and…

Share: X : Microsoft asks IT admins to reach out for Windows IIS failures fixFacebook : Microsoft asks IT admins to reach out for Windows IIS failures fixLinkedin : Microsoft asks IT admins to reach out for Windows IIS failures fixReddit : Microsoft asks IT admins to reach out for Windows IIS failures fixTelegram : Microsoft asks IT admins to reach out for Windows IIS failures fixWhatsApp : Microsoft asks IT admins to reach out for Windows IIS failures fixEmail : Microsoft asks IT admins to reach out for Windows IIS failures fix
Cellik Android malware builds malicious versions from Google Play apps
17
Dec
2025

Cellik Android malware builds malicious versions from Google Play apps

A new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums offering a robust set of capabilities…

Share: X : Cellik Android malware builds malicious versions from Google Play appsFacebook : Cellik Android malware builds malicious versions from Google Play appsLinkedin : Cellik Android malware builds malicious versions from Google Play appsReddit : Cellik Android malware builds malicious versions from Google Play appsTelegram : Cellik Android malware builds malicious versions from Google Play appsWhatsApp : Cellik Android malware builds malicious versions from Google Play appsEmail : Cellik Android malware builds malicious versions from Google Play apps