Malicious npm package steals WhatsApp accounts and messages
A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain…
Category: Bleeping Computer
Romanian water authority hit by ransomware attack over weekend
Romanian Waters (Administrația Națională Apele Române), the country’s water management authority, was hit by a ransomware attack over the weekend. Officials with the National Cyber Security Directorate…
Coupang breach affecting 33.7 million users raises data protection questions
Coupang, South Korea’s leading e-commerce platform, recently disclosed a data breach affecting 33.7 million customer accounts which is equivalent to nearly two-thirds of the Korean…
University of Phoenix data breach impacts nearly 3.5 million individuals
The Clop ransomware gang has stolen the data of nearly 3.5 million University of Phoenix (UoPX) students, staff, and suppliers after breaching the university’s network…
Not all CISA-linked alerts are urgent: ASUS Live Update CVE-2025-59374
An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. The…
Ukrainian hacker admits affiliate role in Nefilim ransomware gang
A Ukrainian national pleaded guilty on Friday to conducting Nefilim ransomware attacks that targeted high-revenue businesses across the United States and other countries. The defendant, 35-year-old…
Critical RCE flaw impacts over 115,000 WatchGuard firewalls
Over 115,000 WatchGuard Firebox devices exposed online remain unpatched against a critical remote code execution (RCE) vulnerability actively exploited in attacks. The security flaw, tracked…
Docker Hardened Images now open source and available for free
More than a 1,000 Docker Hardened Images (DHI) are now freely available and open source for software builders, under the Apache 2.0 license. Docker is a…
RansomHouse upgrades encryption with multi-layered data processing
The RansomHouse ransomware-as-a-service (RaaS) has recently upgraded its encryptor, switching from a relatively simple single-phase linear technique to a more complex, multi-layered method. In practice, the…
Microsoft confirms Teams is down and messages are delayed
Microsoft Teams is experiencing issues, with thousands reporting problems sending messages, including delays. The outage started at 14:30PM ET, and it’s affecting users in all…
Nigeria arrests dev of Microsoft 365 ‘Raccoon0365’ phishing platform
The Nigerian police arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing platform. The attacks led to business email compromise, data breaches, and…
Microsoft 365 accounts targeted in wave of OAuth phishing attacks
Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. Attackers trick victims into entering a device…