Notepad++ update feature hijacked by Chinese state hackers for months
Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states…
Category: Bleeping Computer
Panera Bread breach impacts 5.1 million accounts, not 14 million customers
The data breach notification service Have I Been Pwned says that a data breach at the U.S. food chain Panera Bread affected 5.1 million accounts,…
Microsoft fixes bug causing password sign-in option to disappear
Microsoft has fixed a known issue that was causing the password sign-in option to disappear from the lock screen options after installing Windows 11 updates…
NationStates confirms data breach, shuts down game site
NationStates, a multiplayer browser-based game, has confirmed a data breach after taking its website offline earlier this week to investigate a security incident. The government…
Exposed MongoDB instances still targeted in data extortion attacks
A threat actor is targeting exposed MongoDB instances in automated data extortion attacks demanding low ransoms from owners to restore the data. The attacker focuses…
New Apple privacy feature limits location tracking on iPhones, iPads
Apple is introducing a new privacy feature that lets users limit the precision of location data shared with cellular networks on some iPhone and iPad models. The…
OpenAI says you can trust ChatGPT answers, as it kicks off ads rollout preparation
OpenAI previously confirmed that it’s testing ads in ChatGPT for free and $8 Go accounts, and now we’re seeing early signs of that rollout, at least…
OpenAI is retiring famous GPT-4o model, says GPT 5.2 is good enough
OpenAI has confirmed that it’s retiring ChatGPT’s most popular model, called GPT-4o, and several other models, including GPT-5 Instant, GPT-5 Thinking, GPT-4.1, GPT-4.1 mini, and…
U.S. convicts ex-Google engineer for sending AI tech data to China
A U.S. federal jury has convicted Linwei Ding, a former software engineer at Google, for stealing AI supercomputer data from his employer and secretly sharing…
Cloud storage payment scam floods inboxes with fake renewals
Over the past few months, a large-scale cloud storage subscription scam campaign has been targeting users worldwide with repeated emails falsely warning recipients that their photos,…
Mandiant details how ShinyHunters abuse SSO to steal cloud data
Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal…
Researcher reveals evidence of private Instagram profiles leaking photos
A security researcher has published detailed evidence showing that some Instagram private profiles returned links to user photos to unauthenticated visitors. Instagram’s private account feature…