WhatsApp flaw can let attackers run malicious code on Windows PCs
Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices. [...]
Bleeping Computer.
New Mirai botnet behind surge in TVT DVR exploitation
5 days 2 hours ago
A significant spike in exploitation attempts targeting TVT NVMS9000 DVRs has been detected, peaking on April 3, 2025, with over 2,500 unique IPs scanning for vulnerable devices. [...]
Bill Toulas
AWS rolls out ML-KEM to secure TLS from quantum threats
5 days 3 hours ago
Amazon Web Services (AWS) has added support for the ML-KEM post-quantum key encapsulation mechanism to AWS Key Management Service (KMS), AWS Certificate Manager (ACM), and AWS Secrets Manager, making TLS connections more secure. [...]
Bill Toulas
EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher
5 days 20 hours ago
EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. [...]
Bill Toulas
Microsoft delays WSUS driver sync deprecation indefinitely
5 days 22 hours ago
Microsoft announced today that, based on customer feedback, it will indefinitely delay removing driver synchronization in Windows Server Update Services (WSUS). [...]
Sergiu Gatlan
Six arrested for AI-powered investment scams that stole $20 million
5 days 23 hours ago
Spain's police arrested six individuals behind a large-scale cryptocurrency investment scam that used AI tools to generate deepfake ads featuring popular public figures to lure people. [...]
Bill Toulas
Everest ransomware's dark web leak site defaced, now offline
6 days ago
The dark web leak site of the Everest ransomware gang has apparently been hacked over the weekend by an unknown attacker and is now offline. [...]
Sergiu Gatlan
Google fixes Android zero-days exploited in attacks, 60 other flaws
6 days ago
Google has released patches for 62 vulnerabilities in Android's April 2025 security update, including two zero-days exploited in targeted attacks. [...]
Sergiu Gatlan
Malicious VSCode extensions infect Windows with cryptominers
6 days 1 hour ago
Nine VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer to mine Ethereum and Monero. [...]
Bill Toulas
Food giant WK Kellogg discloses data breach linked to Clop ransomware
6 days 2 hours ago
US food giant WK Kellogg Co is warning employees and vendors that company data was stolen during the 2024 Cleo data theft attacks. [...]
Bill Toulas
Windows 11 24H2 blocked on PCs with code-obfuscation driver BSODs
6 days 3 hours ago
Microsoft has introduced a new Windows 11 24H2 safeguard hold for systems running security or enterprise software using SenseShield Technology's sprotect.sys driver. [...]
Sergiu Gatlan
This $16 AdGuard plan protects your whole family from malicious ads
6 days 6 hours ago
You have until April 27 at 11:59 p.m. PT to grab lifetime access to AdGuard's privacy and ad-blocking tools for just $15.97 (reg. $169)—remember to enter code FAMPLAN at checkout for this limited-time discount. [...]
Lawrence Abrams
E-ZPass toll payment texts return in massive phishing wave
1 week ago
An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information. [...]
Bill Toulas
OpenAI tests watermarking for ChatGPT-4o Image Generation model
1 week ago
OpenAI is reportedly testing a new "watermark" for the Image Generation model, which is a part of the ChatGPT 4o model. [...]
Mayank Parmar
Carding tool abusing WooCommerce API downloaded 34K times on PyPI
1 week ago
A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform. [...]
Bill Toulas
Coinbase to fix 2FA account activity entry freaking out users
1 week 1 day ago
Coinbase is fixing an incorrect account activity message that freaks out customers and makes them think their credentials were compromised. [...]
Lawrence Abrams
WinRAR flaw bypasses Windows Mark of the Web security alerts
1 week 1 day ago
A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. [...]
Ionut Ilascu
Port of Seattle says ransomware breach impacts 90,000 people
1 week 2 days ago
Port of Seattle, the U.S. government agency overseeing Seattle's seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August 2024 ransomware attack. [...]
Sergiu Gatlan
PoisonSeed phishing campaign behind emails with wallet seed phrases
1 week 2 days ago
A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. [...]
Bill Toulas
Australian pension funds hit by wave of credential stuffing attacks
1 week 2 days ago
Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members' accounts. [...]
Sergiu Gatlan
Checked
3 hours 33 minutes ago
BleepingComputer - All Stories
Bleeping Computer. feed