Google patches first Chrome zero-day exploited in attacks this year
Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start…
Category: Bleeping Computer
Canada Goose investigating as hackers leak 600K customer records
ShinyHunters, a well-known data extortion group, claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related data. Canada Goose told…
New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS
Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS…
Windows 11 KB5077181 fixes boot failures linked to failed updates
Microsoft says it has resolved a Windows 11 bug that caused some commercial systems to fail to boot with an “UNMOUNTABLE_BOOT_VOLUME” error after installing recent…
Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
CTM360 reports that more than 4,000 malicious Google Groups and 3,500 Google-hosted URLs are being used in an active malware campaign targeting global organizations. The…
Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps
Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers…
Fake job recruiters hide malware in developer coding challenges
A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. The activity has…
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack
Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. At least two…
Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches
South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security measures, which facilitated…
Turning IBM QRadar Alerts into Action with Criminal IP
Criminal IP (criminalip.io), the AI-powered threat intelligence and attack surface intelligence platform, is now integrated with IBM QRadar SIEM and QRadar SOAR. The integration brings…
CISA flags critical Microsoft SCCM flaw as exploited in attacks
CISA ordered U.S. government agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited…
Microsoft fixes bug that blocked Google Chrome from launching
Microsoft has fixed a known issue causing its Family Safety parental control service to block Windows users from launching Google Chrome and other web browsers.…