New Firefox extensions must disclose data collection practices
Starting next month, Mozilla will require Firefox extension developers to disclose whether their add-ons collect or share user data with third parties. The devs will…
Category: Bleeping Computer
Windows Server emergency patches fix WSUS bug with PoC exploit
Microsoft has released out-of-band (OOB) security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with publicly available proof-of-concept exploit code. WSUS is…
Hackers earn $1,024,750 for 73 zero-days at Pwn2Own Ireland
The Pwn2Own Ireland 2025 hacking competition has ended with security researchers collecting $1,024,750 in cash awards after exploiting 73 zero-day vulnerabilities. At Pwn2Own Ireland 2025, competitors targeted…
Toys “R” Us Canada warns customers’ info leaked in data breach
Toys “R” Us Canada has sent notices of a data breach to customers informing them of a security incident where threat actors leaked customer records…
HP pulls update that broke Microsoft Entra ID auth on some AI PCs
HP has pulled an HP OneAgent software update for Windows 11 that mistakenly deleted Microsoft certificates required for some organizations to log in to Microsoft Entra ID,…
Microsoft unveils Copilot’s “Mico” avatar
Today, Microsoft introduced Mico, a new and more personal avatar for the AI-powered Copilot digital assistant, which the company describes as human-centered. This new avatar…
Microsoft unveils Copilot’s “Mico” avatar
Today, Microsoft introduced Mico, a new and more personal avatar for the AI-powered Copilot digital assistant, which the company describes as human-centered. This new avatar…
Microsoft disables File Explorer preview for downloads to block attacks
Microsoft says that the File Explorer (formerly Windows Explorer) now automatically blocks previews for files downloaded from the Internet to block credential theft attacks via…
CISA warns of Lanscope Endpoint Manager flaw exploited in attacks
The Cybersecurity & Infrastructure Security Agency (CISA) is warning that hackers are exploiting a critical vulnerability in the Motex Landscope Endpoint Manager. The flaw is…
Spoofed AI sidebars can trick Atlas, Comet users into dangerous actions
OpenAI’s Atlas and Perplexity’s Comet browsers are vulnerable to attacks that spoof the built-in AI sidebar and can lead users into following malicious instructions. The AI…
Zero Trust Has a Blind Spot—Your AI Agents
By Ido Shlomo, CTO and Co-Founder, Token Security Agentic AI has arrived. From custom GPTs to autonomous copilots, AI agents now act on behalf of…
North Korean Lazarus hackers targeted European defense companies
North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures. The threat group’s…