New RoadK1ll WebSocket implant used to pivot on breached networks
A newly identified malicious implant named RoadK1ll is enabling threat actors to quietly move from a compromised host to other systems on the network. The…
Category: Bleeping Computer
Healthcare tech firm CareCloud says hackers stole patient data
Healthcare IT firm CareCloud has disclosed a data breach incident that exposed sensitive data and caused a network disruption lasting approximately eight hours. The New…
Critical Citrix NetScaler memory flaw actively exploited in attacks
Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data. Citrix initially disclosed CVE-2026-3055 in a security…
Apple adds macOS Terminal warning to block ClickFix attacks
Apple has introduced a security feature in macOS Tahoe 26.4 that blocks pasting and executing potentially harmful commands in Terminal and alerts users to possible…
Microsoft pulls KB5079391 Windows update over install issues
Microsoft has pulled a buggy Windows 11 non-security preview update to investigate a known issue that triggers 0x80073712 errors during installation. KB5079391, the problematic optional…
FBI confirms hack of Director Patel’s personal email inbox
The Handala hackers associated with Iran have breached the personal email account of FBI Director Kash Patel and published photos and documents. The FBI has…
File read flaw in Smart Slider plugin impacts 500K WordPress sites
A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary…
Coruna iOS exploit framework linked to Triangulation attacks
The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage…
From Bot Signups to Account Takeovers
Modern fraud attacks look like a relay race where different tools and actors handle each stage of the journey from signup to cash-out. When you…
WhatsApp rolls out more AI features, iOS multi-account support
WhatsApp is rolling out multiple features designed to make the app easier to use, including AI-powered message replies and photo retouching, support for two accounts…
Dutch Police discloses security breach after phishing attack
The Dutch National Police (Politie) says a security breach resulting from a successful phishing attack has had a limited impact and hasn’t affected citizens’ data.…
New Infinity Stealer malware grabs macOS data via ClickFix lures
A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. The…