Cryptocurrency theft attacks traced to 2022 LastPass breach
Blockchain investigation firm TRM Labs says ongoing cryptocurrency thefts have been traced to the 2022 LastPass breach, with attackers draining wallets years after encrypted vaults…
Category: Bleeping Computer
Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
Over 10,000 Fortinet firewalls are still exposed online and vulnerable to ongoing attacks exploiting a five-year-old critical two-factor authentication (2FA) bypass vulnerability. Fortinet released FortiOS…
Google is testing a new image AI and it’s going to be its fastest model
Google is testing a new image AI model called “Nano Banana 2 Flash,” and it’s going to be faster than the Nano Banana Pro. This…
Trust Wallet links $8.5 million crypto theft to Shai-Hulud NPM attack
Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an “industry-wide”…
New GlassWorm malware wave targets Macs with trojanized crypto wallets
A fourth wave of the “GlassWorm” campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications. Extensions in the…
OpenAI is offering $20 ChatGPT Plus for free to some users
If you’re already subscribed to ChatGPT Plus, which costs $20, you can request OpenAI to cancel your subscription, and it may offer one month of…
NYC mayoral inauguration bans Flipper Zero, Raspberry Pi devices
New York City’s 2026 mayoral inauguration of Zohran Mamdani has published a list of banned items for the event, specifically prohibiting the Flipper Zero and…
Hackers drain $3.9M from Unleash Protocol after multisig hijack
The decentralized intellectual property platform Unleash Protocol has lost around $3.9 million worth of cryptocurrency after someone executed an unauthorized contract upgrade that allowed asset withdrawals.…
RondoDox botnet exploits React2Shell flaw to breach Next.js servers
The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. First documented by Fortinet in July…
IBM warns of critical API Connect auth bypass vulnerability
IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. API…
Disney will pay $10 million to settle children’s data privacy lawsuit
Disney has agreed to pay a $10 million civil penalty to settle claims that it violated the Children’s Online Privacy Protection Act by mislabeling videos…
New ErrTraffic service enables ClickFix attacks via fake browser glitches
A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating ‘fake glitches’ on compromised websites to lure users into downloading payloads…