Chinese hackers used VMware ESXi zero-day to backdoor VMs
VMware patched today a VMware ESXi zero-day vulnerability exploited by a Chinese-sponsored hacking group to backdoor Windows and Linux virtual machines and steal data. The…
Category: Bleeping Computer
WordPress Stripe payment plugin bug leaks customer order details
The WooCommerce Stripe Gateway plugin for WordPress was found to be vulnerable to a bug that allows any unauthenticated user to view order details placed…
Blink Copilot Brings Generative AI to Security Automation
Imagine if all you needed to do to turn a security policy into an enforced workflow was type it out as a prompt… Modern security…
Bulletproof hoster gets 3 years for pushing Urfsnif, Zeus malware
Romanian national Mihai Ionut Paunescu, aka “Virus,” was sentenced to three years in prison by a Manhattan federal court for running a bulletproof hosting service…
New FortiOS RCE bug “may have been exploited” in attacks
Fortinet says a critical FortiOS SSL VPN vulnerability that was patched last week “may have been exploited” in attacks impacting government, manufacturing, and critical infrastructure…
Have I Been Pwned warns of new Zacks data breach impacting 8 million
Zacks Investment Research (Zacks) has reportedly suffered an older, previously undisclosed data breach impacting 8.8 million customers, with the database now shared on a hacking…
Azure Portal outage was caused by traffic “spike”
Microsoft revealed in an update to the Azure status page that the preliminary root cause behind an outage that impacted the Azure Portal worldwide on…
Exploit released for MOVEit RCE bug used in data theft attacks
Horizon3 security researchers have released proof-of-concept (PoC) exploit code for a remote code execution (RCE) bug in the MOVEit Transfer managed file transfer (MFT) solution…
Swiss government warns of ongoing DDoS attacks, data leak
The Swiss government has disclosed that a recent ransomware attack on an IT supplier might have impacted its data, while today, it warns that it…
Hackers steal $3 million by impersonating crypto news journalists
A hacking group tracked as ‘Pink Drainer’ is impersonating journalists in phishing attacks to compromise Discord and Twitter accounts for cryptocurrency-stealing attacks. According to ScamSniffer analysts,…
Strava heatmap feature can be abused to find home addresses
Researchers at the North Carolina State University Raleigh have discovered a privacy risk in the Strava app’s heatmap feature that could lead to identifying users’ home…
Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now
Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices. The security fixes were released on Friday in…