‘Bitter’ espionage hackers target Chinese nuclear energy orgs
A cyberespionage hacking group tracked as ‘Bitter APT’ was recently seen targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware…
Category: Bleeping Computer
GitHub.com rotates its exposed private SSH key
GitHub has rotated its private SSH key for GitHub.com after the secret was was accidentally published in a public GitHub repository. The software development and version control service…
CloudPanel installations use the same SSL certificate private key
Self-hosted web administration solution CloudPanel was found to have several security issues, including using the same SSL certificate private key across all installations and unintentional…
Microsoft fixes Acropalypse privacy bug in Windows 11 Snipping Tool
Microsoft is testing an updated version of the Windows 11 Snipping Tool that fixes a recently disclosed ‘Acropalypse’ privacy flaw that allows the partial restoration…
WordPress force patching WooCommerce plugin with 500K installs
Automattic, the company behind the WordPress content management system, is force installing a security update on hundreds of thousands of websites running the highly popular…
Microsoft Teams, Virtualbox, Tesla zero-days exploited at Pwn2Own
During the second day of Pwn2Own Vancouver 2023, competitors were awarded $475,000 after successfully exploiting 10 zero-days in multiple products. The list of hacked targets…
BlackGuard stealer now targets 57 crypto wallets, extensions
A new variant of the BlackGuard stealer has been spotted in the wild, featuring new capabilities like USB propagation, persistence mechanisms, loading additional payloads in…
City of Toronto confirms data theft, Clop claims responsibility
City of Toronto is among Clop ransomware gang’s latest victims hit in the ongoing GoAnywhere hacking spree. Other victims listed alongside the Toronto city government include UK’s Virgin Group and…
New CISA tool detects hacking activity in Microsoft cloud services
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft…
Windows 11 gets phishing protection boost and SHA-3 support
Microsoft announced that the new Windows 11 build rolling out to Insiders in the Canary channel comes with increased protection against phishing attacks and support…
Exploit released for Veeam bug allowing cleartext credential theft
Cross-platform exploit code is now available for a high-severity Backup Service vulnerability impacting Veeam’s Backup & Replication (VBR) software. The flaw (CVE-2023-27532) affects all VBR…
Python info-stealing malware uses Unicode to evade detection
A malicious Python package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers’ account credentials and other sensitive…