Over 75,000 WatchGuard security devices vulnerable to critical RCE
Nearly 76,000 WatchGuard Firebox network security appliances are exposed on the public web and still vulnerable to a critical issue (CVE-2025-9242) that could allow a…
Category: Bleeping Computer
High-severity Windows SMB flaw now exploited in attacks
CISA says threat actors are now actively exploiting a high-severity Windows SMB privilege escalation vulnerability that can let them gain SYSTEM privileges on unpatched systems.…
Self-spreading GlassWorm malware hits OpenVSX, VS Code registries
A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with self-spreading malware called GlassWorm that has been…
Microsoft fixes Windows Server Active Directory sync issues
Microsoft is rolling out a fix for Active Directory issues affecting some Windows Server 2025 systems after installing security updates released since September. As Redmond…
Microsoft warns of Windows smart card auth issues after October updates
Microsoft says the October 2025 Windows security updates are causing smart card authentication and certificate issues due to a change designed to strengthen the Windows…
AWS outage crashes Amazon, PrimeVideo, Fortnite, Perplexity and more
AWS outage has taken down millions of websites, including Amazon.com, PrimeVideo, Perplexity AI, Canva and more. The outage started approx 30 minutes ago and it’s…
Experian fined $3.2 million for mass-collecting personal data
Experian Netherlands has been fined EUR 2.7 million ($3.2 million) for multiple violations of the General Data Protection Regulation (GDPR) The Dutch Data Protection Authority (AP)…
TikTok videos continue to push infostealers in ClickFix attacks
Cybercriminals are using TikTok videos disguised as free activation guides for popular software like Windows, Spotify, and Netflix to spread information-stealing malware. ISC Handler Xavier…
OpenAI confirms GPT-6 is not shipping in 2025
OpenAI is not planning to ship GPT-6 this year, but that doesn’t necessarily mean the company will not release new models. OpenAI currently has several…
Google ads for fake Homebrew, LogMeIn sites push infostealers
A new malicious campaign is targeting macOS developers with fake Homebrew, LogMeIn, and TradingView platforms that deliver infostealing malware like AMOS (Atomic macOS Stealer) and Odyssey. The…
American Airlines subsidiary Envoy confirms Oracle data theft attack
Envoy Air, a regional airline carrier owned by American Airlines, confirms that data was compromised from its Oracle E-Business Suite application after the Clop extortion…
ConnectWise fixes Automate bug allowing AiTM update attacks
ConnectWise released a security update to address vulnerabilities, one of them with critical severity, in Automate product that could expose sensitive communications to interception and…