W3LL phishing kit hijacks thousands of Microsoft 365 accounts, bypasses MFA
A threat actor known as W3LL developed a phishing kit that can bypass multi-factor authentication along with other tools that compromised more than 8,000 Microsoft…
Category: Bleeping Computer
Coffee Meets Bagel says recent outage caused by destructive cyberattack
The Coffee Meets Bagel dating platform confirms last week’s outage was caused by hackers breaching the company’s systems and deleting company data. The dating platform…
Atlas VPN zero-day vulnerability leaks users’ real IP address
An Atlas VPN zero-day vulnerability affecting the Linux client leaks a user’s real IP address simply by visiting a website. Atlas VPN is a VPN…
Crypto casino Stake.com loses $41 million to hot wallet hackers
Image: Midjourney Online cryptocurrency casino Stake.com announced that its ETH/BSC hot wallets had been compromised to perform unauthorized transactions, with over $40 million in crypto…
Chaes malware now uses Google Chrome DevTools Protocol to steal data
The Chaes malware has returned as a new, more advanced variant that includes a custom implementation of the Google DevTools protocol for direct access to…
PTaaS Bridges the Gap within Application Security
Pen testing, also known as “ethical hacking,” involves a team of cybersecurity professionals tasked to test the resilience of an organization’s security systems. Unfortunately, traditional web…
ASUS routers vulnerable to critical remote code execution flaws
Three critical-severity remote code execution vulnerabilities impact ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers, potentially allowing threat actors to hijack devices if security updates are not…
German financial agency site disrupted by DDoS attack since Friday
The German Federal Financial Supervisory Authority (BaFin) announced today that an ongoing distributed denial-of-service (DDoS) attack has been impacting its website since Friday. BaFin is…
Insurer fined $3M for exposing data of 650k clients for two years
The Swedish Authority for Privacy Protection (IMY) has fined insurer Trygg-Hansa $3 million for exposing on its online portal sensitive data belonging to hundreds of thousands of…
Freecycle confirms massive data breach impacting 7 million users
Freecycle, an online forum dedicated to exchanging used items rather than trashing them, confirmed a massive data breach that affected more than 7 million users.…
Hackers exploit MinIO storage system to breach corporate networks
Image: Midjourney Hackers are exploiting two recent MinIO vulnerabilities to breach object storage systems and access private information, execute arbitrary code, and potentially take over…
Hackers target IT help desks to gain Super Admin, disable MFA
Identity and access management company Okta released a warning about social engineering attacks targeting IT service desk agents at U.S.-based customers in an attempt to trick them into resetting multi-factor…