Critical React2Shell flaw exploited in ransomware attacks
A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute…
Category: Bleeping Computer
Your MFA Is Costing You Millions. It Doesn’t Have To.
Token’s Wireless Biometrics Pay for Themselves Starting Day One For nearly twenty years enterprises have been told the same thing. Authentication is a cost center.…
Microsoft asks IT admins to reach out for Windows IIS failures fix
Microsoft has asked businesses to reach out for advice on how to temporarily mitigate a known Message Queuing (MSMQ) issue causing enterprise apps and Internet Information Services (IIS) sites…
Cellik Android malware builds malicious versions from Google Play apps
A new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums offering a robust set of capabilities that include the option to embed…
GhostPoster attacks hide malicious JavaScript in Firefox addon logos
A new campaign dubbed ‘GhostPoster’ is hiding JavaScript code in the image logo of malicious Firefox extensions with more than 50,000 downloads, to monitor browser activity…
Amazon disrupts Russian GRU hackers attacking edge network devices
The Amazon Threat Intelligence team has disrupted active operations attributed to hackers working for the Russian foreign military intelligence agency, the GRU, who targeted customers’ cloud…
Texas sues TV makers for taking screenshots of what people watch
The Texas Attorney General sued five major television manufacturers, accusing them of illegally collecting their users’ data by secretly recording what they watch using Automated…
Hackers exploit newly patched Fortinet auth bypass flaws
Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and steal system configuration files. The two vulnerabilities are tracked…
Cyberattack disrupts Venezuelan oil giant PDVSA’s operations
Petróleos de Venezuela (PDVSA), Venezuela’s state-owned oil company, was hit by a cyberattack over the weekend that disrupted its export operations. In a Monday statement, PDVSA denied…
Microsoft to block Exchange Online access for outdated mobile devices
Microsoft announced on Monday that it will soon block mobile devices running outdated email software from accessing Exchange Online services until they’re updated. As the Exchange…
European authorities dismantle call center fraud ring in Ukraine
European law enforcement authorities dismantled a fraud network operating call centers in Ukraine that scammed victims across Europe out of more than 10 million euros.…
SoundCloud confirms breach after member data stolen, VPN access disrupted
Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which…