New ‘HTTP/2 Bomb’ DoS attack crashes web servers in under a minute
A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. The technique works…
Category: Bleeping Computer
What 345 Days of Untested Exposure Looks Like at a Bank
In April, a single VPN vulnerability led to data breaches at more than seventy financial institutions running Marquis Software’s infrastructure, according to American Banker’s reporting…
Google adds Android protection against AI deepfake scam calls
Google is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user’s personal contacts. Called…
OpenAI upgrades GPT-5.5, as it plans to retire legacy ChatGPT models
OpenAI says it’s rolling out a new update that improves the existing GPT-5.5 Instant model and retires multiple legacy models, including o3. GPT-5.5 Instant was released…
Microsoft’s Coreutils project brings Linux commands to Windows
Microsoft announced today at its Build 2026 developer conference the release of Coreutils for Windows, bringing many commonly used Linux command-line utilities to Windows as…
Microsoft Exchange Online outage causes email delays, failures
Microsoft is working to address a widespread service issue affecting the mail flow pipeline for Exchange Online customers across North America, Asia-Pacific (APAC), and Europe. The…
CISA flags two-year-old Oracle flaw as actively exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was…
Spain arrests doxer leaking sensitive data of govt employees
The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute…
Red Hat npm packages compromised to steal developer credentials
More than 30 npm packages under Red Hat’s ‘@redhat-cloud-services’ namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware,…
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks
A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. Thousands of websites have…
Dashlane password manager users locked out by brute force attacks
Multiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices. In a statement…
Microsoft investigates Office Apps, Teams file access issues
Microsoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. “We’re…