The hidden risks in your DevOps stack data—and how to address them
While DevOps drives innovation and simplifies collaboration, it also comes with its own set of risks and vulnerabilities. Developers rely on Git-based platforms like GitHub,…
Category: Bleeping Computer
New WrtHug campaign hijacks thousands of end-of-life ASUS routers
Thousands of ASUS WRT routers, mostly end-of-life or outdated devices, have been hijacked in a global campaign called Operation WrtHug that exploits six vulnerabilities. Over…
New Ransomware-as-a-Service created by ShinyHunters
An in-development build of the upcoming ShinySp1d3r ransomware-as-a-service platform has surfaced, offering a preview of the upcoming extortion operation. ShinySp1d3r is the name of an…
CISA gives govt agencies 7 days to patch new Fortinet flaw
CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet’s FortiWeb web application firewall, which was exploited…
California man admits to laundering crypto stolen in $230M heist
A 45-year-old from Irvine, California, has pleaded guilty to laundering at least $25 million stolen in a massive $230 million cryptocurrency heist. Kunal Mehta (also…
Cloudflare blames this week’s massive outage on database issues
On Tuesday, Cloudflare experienced its worst outage in 6 years, blocking access to many websites and online platforms for almost 6 hours after a change…
‘PlushDaemon’ hackers hijack software updates in supply-chain attacks
A China-linked threat actor tracked as ‘PlushDaemon’ is hijacking software update traffic using a new implant called EdgeStepper in cyberespionage operations. Since 2018, PlushDaemon hackers have…
Thunderbird adds native support for Microsoft Exchange accounts
Thunderbird 145 has been released with full native support for Microsoft Exchange email via the Exchange Web Services (EWS) protocol. This means that Thunderbird users…
French agency Pajemploi reports data breach affecting 1.2M people
Pajemploi, the French social security service for parents and home-based childcare providers, has suffered a data breach that may have exposed personal information of 1.2…
New ShadowRay attacks convert Ray clusters into crypto miners
A global campaign dubbed ShadowRay 2.0 hijacks exposed Ray Clusters by exploiting an old code execution flaw to turn them into a self-propagating cryptomining botnet. Developed by…
Microsoft Teams to let users report messages wrongly flagged as threats
Microsoft says that Teams users will be able to report false-positive threat alerts triggered by messages incorrectly flagged as malicious. This new feature was first announced…
Windows 11 gets new Cloud Rebuild, Point-in-Time Restore tools
Microsoft announced two new Windows 11 recovery features today at the Ignite developer conference, called Cloud Rebuild and Point-in-Time Restore (PITR), that aim to reduce…