Category: Bleeping Computer

Microsoft
11
Dec
2025

Microsoft bounty program now includes any flaw impacting its services

Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written…

Share: X : Microsoft bounty program now includes any flaw impacting its servicesFacebook : Microsoft bounty program now includes any flaw impacting its servicesLinkedin : Microsoft bounty program now includes any flaw impacting its servicesReddit : Microsoft bounty program now includes any flaw impacting its servicesTelegram : Microsoft bounty program now includes any flaw impacting its servicesWhatsApp : Microsoft bounty program now includes any flaw impacting its servicesEmail : Microsoft bounty program now includes any flaw impacting its services
Microsoft
11
Dec
2025

New ConsentFix attack hijacks Microsoft accounts via Azure CLI

A new variation of the ClickFix attack dubbed ‘ConsentFix’ abuses the Azure CLI OAuth app to hijack Microsoft accounts without…

Share: X : New ConsentFix attack hijacks Microsoft accounts via Azure CLIFacebook : New ConsentFix attack hijacks Microsoft accounts via Azure CLILinkedin : New ConsentFix attack hijacks Microsoft accounts via Azure CLIReddit : New ConsentFix attack hijacks Microsoft accounts via Azure CLITelegram : New ConsentFix attack hijacks Microsoft accounts via Azure CLIWhatsApp : New ConsentFix attack hijacks Microsoft accounts via Azure CLIEmail : New ConsentFix attack hijacks Microsoft accounts via Azure CLI
Gogs
11
Dec
2025

Hackers exploit unpatched Gogs zero-day to breach 700 servers

An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing…

Share: X : Hackers exploit unpatched Gogs zero-day to breach 700 serversFacebook : Hackers exploit unpatched Gogs zero-day to breach 700 serversLinkedin : Hackers exploit unpatched Gogs zero-day to breach 700 serversReddit : Hackers exploit unpatched Gogs zero-day to breach 700 serversTelegram : Hackers exploit unpatched Gogs zero-day to breach 700 serversWhatsApp : Hackers exploit unpatched Gogs zero-day to breach 700 serversEmail : Hackers exploit unpatched Gogs zero-day to breach 700 servers
Windows 11
11
Dec
2025

Microsoft fixes Windows Explorer white flashes in dark mode

Microsoft has fixed a known issue that caused bright white flashes when launching File Explorer in dark mode on Windows…

Share: X : Microsoft fixes Windows Explorer white flashes in dark modeFacebook : Microsoft fixes Windows Explorer white flashes in dark modeLinkedin : Microsoft fixes Windows Explorer white flashes in dark modeReddit : Microsoft fixes Windows Explorer white flashes in dark modeTelegram : Microsoft fixes Windows Explorer white flashes in dark modeWhatsApp : Microsoft fixes Windows Explorer white flashes in dark modeEmail : Microsoft fixes Windows Explorer white flashes in dark mode
Google Chrome
11
Dec
2025

Google fixes eighth Chrome zero-day exploited in attacks in 2025

Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, marking the eighth such security…

Share: X : Google fixes eighth Chrome zero-day exploited in attacks in 2025Facebook : Google fixes eighth Chrome zero-day exploited in attacks in 2025Linkedin : Google fixes eighth Chrome zero-day exploited in attacks in 2025Reddit : Google fixes eighth Chrome zero-day exploited in attacks in 2025Telegram : Google fixes eighth Chrome zero-day exploited in attacks in 2025WhatsApp : Google fixes eighth Chrome zero-day exploited in attacks in 2025Email : Google fixes eighth Chrome zero-day exploited in attacks in 2025
Google ads for shared ChatGPT, Grok guides push macOS infostealer malware
11
Dec
2025

Google ads for shared ChatGPT, Grok guides push macOS infostealer malware

A new AMOS infostealer campaign is abusing Google search ads to lure users into Grok and ChatGPT conversations that appear…

Share: X : Google ads for shared ChatGPT, Grok guides push macOS infostealer malwareFacebook : Google ads for shared ChatGPT, Grok guides push macOS infostealer malwareLinkedin : Google ads for shared ChatGPT, Grok guides push macOS infostealer malwareReddit : Google ads for shared ChatGPT, Grok guides push macOS infostealer malwareTelegram : Google ads for shared ChatGPT, Grok guides push macOS infostealer malwareWhatsApp : Google ads for shared ChatGPT, Grok guides push macOS infostealer malwareEmail : Google ads for shared ChatGPT, Grok guides push macOS infostealer malware
New DroidLock malware locks Android devices and demands a ransom
11
Dec
2025

New DroidLock malware locks Android devices and demands a ransom

A newly discovered Android malware dubbed DroidLock can lock victims’ screens for ransom and access text messages, call logs, contacts,…

Share: X : New DroidLock malware locks Android devices and demands a ransomFacebook : New DroidLock malware locks Android devices and demands a ransomLinkedin : New DroidLock malware locks Android devices and demands a ransomReddit : New DroidLock malware locks Android devices and demands a ransomTelegram : New DroidLock malware locks Android devices and demands a ransomWhatsApp : New DroidLock malware locks Android devices and demands a ransomEmail : New DroidLock malware locks Android devices and demands a ransom
Microsoft Teams
10
Dec
2025

Microsoft Teams to warn of suspicious traffic with external domains

Microsoft is working on a new Teams security feature that will analyze suspicious traffic with external domains to help IT…

Share: X : Microsoft Teams to warn of suspicious traffic with external domainsFacebook : Microsoft Teams to warn of suspicious traffic with external domainsLinkedin : Microsoft Teams to warn of suspicious traffic with external domainsReddit : Microsoft Teams to warn of suspicious traffic with external domainsTelegram : Microsoft Teams to warn of suspicious traffic with external domainsWhatsApp : Microsoft Teams to warn of suspicious traffic with external domainsEmail : Microsoft Teams to warn of suspicious traffic with external domains
Over 10,000 Docker Hub images found leaking credentials, auth keys
10
Dec
2025

Over 10,000 Docker Hub images found leaking credentials, auth keys

More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD…

Share: X : Over 10,000 Docker Hub images found leaking credentials, auth keysFacebook : Over 10,000 Docker Hub images found leaking credentials, auth keysLinkedin : Over 10,000 Docker Hub images found leaking credentials, auth keysReddit : Over 10,000 Docker Hub images found leaking credentials, auth keysTelegram : Over 10,000 Docker Hub images found leaking credentials, auth keysWhatsApp : Over 10,000 Docker Hub images found leaking credentials, auth keysEmail : Over 10,000 Docker Hub images found leaking credentials, auth keys
New Spiderman phishing service targets dozens of European banks
10
Dec
2025

New Spiderman phishing service targets dozens of European banks

A new phishing kit called Spiderman is targeting customers of numerous European banks and cryptocurrency services using pixel-perfect replicas of…

Share: X : New Spiderman phishing service targets dozens of European banksFacebook : New Spiderman phishing service targets dozens of European banksLinkedin : New Spiderman phishing service targets dozens of European banksReddit : New Spiderman phishing service targets dozens of European banksTelegram : New Spiderman phishing service targets dozens of European banksWhatsApp : New Spiderman phishing service targets dozens of European banksEmail : New Spiderman phishing service targets dozens of European banks
Acronis manufacturing
10
Dec
2025

Why a secure software development life cycle is critical for manufacturers

For all the scary talk about cyberattacks from vendors and industry experts, relatively few attacks are actually devastating. But the…

Share: X : Why a secure software development life cycle is critical for manufacturersFacebook : Why a secure software development life cycle is critical for manufacturersLinkedin : Why a secure software development life cycle is critical for manufacturersReddit : Why a secure software development life cycle is critical for manufacturersTelegram : Why a secure software development life cycle is critical for manufacturersWhatsApp : Why a secure software development life cycle is critical for manufacturersEmail : Why a secure software development life cycle is critical for manufacturers
Russian hacker
10
Dec
2025

Ukrainian hacker charged with helping Russian hacktivist groups

U.S. prosecutors have charged a Ukrainian national for her role in cyberattacks targeting critical infrastructure worldwide, including U.S. water systems,…

Share: X : Ukrainian hacker charged with helping Russian hacktivist groupsFacebook : Ukrainian hacker charged with helping Russian hacktivist groupsLinkedin : Ukrainian hacker charged with helping Russian hacktivist groupsReddit : Ukrainian hacker charged with helping Russian hacktivist groupsTelegram : Ukrainian hacker charged with helping Russian hacktivist groupsWhatsApp : Ukrainian hacker charged with helping Russian hacktivist groupsEmail : Ukrainian hacker charged with helping Russian hacktivist groups