New Python tool checks NPM packages for manifest confusion issues
A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software…
Category: Bleeping Computer
Microsoft denies data breach, theft of 30 million customer accounts
Microsoft has denied the claims of the so-called hacktivists “Anonymous Sudan” that they breached the company’s servers and stole credentials for 30 million customer accounts.…
Hackers target European government entities in SmugX campaign
A phishing campaign that security researchers named SmugX and attributed to a Chinese threat actor has been targeting embassies and foreign affairs ministries in the…
Microsoft Edge upgrades built-in Cloudflare VPN with 5GB of data
Microsoft’s Edge browser has recently enhanced its ‘Edge Secure Network’ feature, which now offers 5GB of data, significantly increasing from the previously offered 1GB. The…
Twitter’s bot spam keeps getting worse — it’s about porn this time
Forget crypto spam accounts, Twitter’s got another problem which involves bots and accounts promoting adult content and infiltrating Direct Messages and interactions on the platform. And…
300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug
Hundreds of thousands of FortiGate firewalls are vulnerable to a critical security issue identified as CVE-2023-27997, almost a month after Fortinet released an update that addresses…
The Week in Ransomware – June 30th 2023
A case of mistaken identity and further MOVEit Transfer data breaches continue dominated the ransomware news cycle this week. This week, the New York City…
Twitter now forces you to sign in to view tweets
Starting today, Twitter is no longer accessible on web and mobile apps if you don’t have an account, forcing all users to log in if…
Hackers exploit zero-day in Ultimate Member WordPress plugin with 200K installs
Hackers exploit a zero-day privilege escalation vulnerability in the ‘Ultimate Member’ WordPress plugin to compromise websites by bypassing security measures and registering rogue administrator accounts.…
New proxyjacking attacks monetize hacked SSH servers’ bandwidth
Attackers behind an ongoing series of proxyjacking attacks are hacking into vulnerable SSH servers exposed online to monetize them through proxyware services that pay for…
Free Akira ransomware decryptor helps recover your files
Cybersecurity firm Avast has released a free decryptor for the Akira ransomware that can help victims recover their data without paying the crooks any money.…
CISA issues DDoS warning after attacks hit multiple US orgs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of ongoing distributed denial-of-service (DDoS) attacks after U.S. organizations across multiple industry sectors were hit.…