All CosmicBytez Labs articles tagged #BleepingComputer, across news, security advisories, how-to guides, and projects.
A threat actor has deployed an AI-generated ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response solutions, marking a new escalation in AI-assisted cybercrime.
Google's June 2026 Android security update patches 124 vulnerabilities including one zero-day flaw that has been actively exploited in targeted attacks against Android devices.
Microsoft announced Coreutils for Windows at Build 2026, bringing widely used Linux command-line utilities — ls, grep, cat, awk, and more — to Windows as native applications without requiring WSL or third-party tools.
Belgium's national cybersecurity authority (CCB) has issued an urgent warning that threat actors are actively exploiting a recently patched critical Windows Netlogon Remote Protocol vulnerability that allows unauthenticated remote code execution on domain controllers.
Threat actors are exploiting ChatGPT's content-sharing feature to publish fake OpenAI outage pages that trick users into downloading trojanized ChatGPT desktop applications bundled with infostealer malware.
DDoS attacks are increasingly sold as subscription services with pricing tiers, reseller programs, and customer support. Flare's analysis reveals how the DDoS-as-a-Service market has matured from scattered tools into polished criminal attack platforms.
Hackers are actively exploiting a critical vulnerability in the WP Maps Pro WordPress plugin that allows unauthenticated attackers to create rogue administrator accounts, granting full site control without any login.
ShinyHunters stole personal information from 4.9 million Charter Communications accounts in an April 2026 hack, confirmed via Have I Been Pwned.
Dutch authorities took offline a massive botnet of 17 million infected devices and seized more than 200 servers from a local hosting provider that...
A North Carolina man was sentenced to more than 10 years in federal prison for selling the personal information of over 7 million elderly Americans to...
A Google security engineer was charged with insider trading after winning $1.2 million by placing bets on cryptocurrency-based Polymarket using...
Carnival Corporation, the world's largest cruise operator, confirms a breach affecting nearly 6M people after ShinyHunters' April 2026 extortion claim.
An unpatched Gogs zero-day lets attackers gain RCE on internet-facing instances of the self-hosted Git service — no patch is currently available.
Attackers exploited a critical zero-day vulnerability in KnowledgeDeliver LMS servers to deploy the Godzilla web shell, giving persistent backdoor access to.
Drupal is warning that hackers are actively attempting to exploit a 'highly critical' SQL injection vulnerability, CVE-2026-9082, announced earlier this...
Two former executives of a call-tracking and analytics company have pleaded guilty to concealing a years-long tech support fraud scheme that victimized...
Italian authorities have dismantled the CINEMAGOAL piracy ecosystem after the app was found to have been stealing authentication codes from streaming...
Dutch financial crime investigators (FIOD) arrested two men and seized 800 servers from a hosting company that provided bulletproof infrastructure...
Trend Micro has patched an Apex One zero-day vulnerability actively exploited in attacks targeting Windows systems. The flaw, discovered in the company's...
U.S. and Canadian authorities arrested and charged a Canadian man with operating the Kimwolf DDoS botnet, which infected nearly two million devices...
Apple has revealed it blocked more than $11 billion in fraudulent App Store transactions over the past six years, including $2.2 billion in 2025 alone,...
GitHub has confirmed that hackers who stole 3,800 internal repositories gained access through a malicious version of the Nx Console VS Code extension...
Google accidentally leaked information about an unpatched Chromium vulnerability that allows JavaScript to continue running in the background even after...
Convenience store giant 7-Eleven has confirmed a data breach after the ShinyHunters extortion group publicly claimed responsibility for the attack. The...
Microsoft has disrupted a malware-signing-as-a-service operation that exploited the company's Artifact Signing service to produce fraudulent code-signing...
80% of employees currently use unapproved AI tools at work, yet only 12% of companies have formal AI governance policies. Adaptive Security outlines a...
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication npm package, in a new...
A malicious repository impersonating OpenAI's "Privacy Filter" project climbed to Hugging Face's trending list and delivered information-stealing malware...
The official website for JDownloader, one of the most widely-used open-source download managers, was compromised to distribute malicious Windows and Linux...
Hackers gained access to Zara's customer databases and stole personal information belonging to more than 197,000 individuals, with the breach surfacing...
NVIDIA has confirmed that GeForce NOW user data was exposed in a data breach, with the incident specifically affecting users in Armenia. The company...
The RansomHouse threat group has claimed responsibility for the Trellix source code repository breach disclosed last week, leaking a set of proof images...
Two former cybersecurity incident responders from Sygnia and DigitalMint were each sentenced to four years in federal prison for leveraging their trusted...
Austrian and Albanian law enforcement jointly dismantled a large-scale cryptocurrency investment fraud operation estimated to have caused over €50 million...
GitHub has patched CVE-2026-3854, a critical remote code execution vulnerability exploitable via a single HTTP request that could have granted attackers...
Threat actors are actively exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptomining...
The Vercel breach, traced to a compromised third-party AI tool with OAuth access, illustrates how Shadow AI adoption and unchecked OAuth integrations are...
Researchers have found that VECT 2.0 ransomware contains a critical flaw in its nonce handling that causes encryption to permanently destroy large files...
Threat actors are actively exploiting CVE-2026-42208, a critical pre-authentication SQL injection vulnerability in the LiteLLM open-source LLM gateway,...
Vimeo has confirmed that customer and user data was accessed without authorization following a security breach at Anodot, a data anomaly detection...
Following the April 2026 Patch Tuesday, Microsoft has made broadly available a new MDM policy setting that enables IT administrators to fully uninstall...
A newly disclosed vulnerability in the PackageKit daemon, dubbed Pack2TheRoot, allows local Linux users to escalate privileges to root by abusing the...
CISA has confirmed that a cross-site scripting vulnerability in Zimbra Collaboration Suite is being actively exploited in the wild, with over 10,000...
Article 9 of DORA makes authentication and access control a legal obligation for EU financial entities. With stolen credentials now the single largest...
Microsoft is rolling out passkey support for phishing-resistant passwordless authentication to Microsoft Entra-protected resources from Windows devices...
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to publish stolen data unless a ransom is paid,...
US and UK cybersecurity agencies are warning about Firestarter, a custom implant that persists on Cisco Firepower and Secure Firewall devices running ASA...
Microsoft is rolling out Windows Update improvements that give users more control over how updates are installed while reducing disruption from frequent...
Threat actors are mass-exploiting a critical unauthenticated file upload vulnerability in the Breeze Cache WordPress plugin, uploading PHP webshells to...
Recently observed Trigona ransomware attacks are using a bespoke command-line exfiltration tool to steal data from compromised environments faster and...
Angelo Martino, 41, a former employee of cybersecurity incident response firm DigitalMint, has pleaded guilty to targeting U.S. companies with BlackCat...
France Titres, the French government agency responsible for issuing and managing administrative documents, has confirmed a cyberattack after a threat...
A new ransomware operation called Kyber is targeting Windows systems and VMware ESXi endpoints, with one variant implementing Kyber1024 post-quantum...
Microsoft is rolling out a new Efficiency Mode for Microsoft Teams that automatically throttles CPU and memory usage on hardware-constrained devices,...
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability in end-of-life D-Link DIR-823X...
A newly discovered supply chain attack targeting the npm ecosystem steals developer authentication tokens and uses compromised accounts to publish...
More than 1,300 internet-facing Microsoft SharePoint servers remain unpatched against a spoofing vulnerability exploited as a zero-day, with active...
Spanish police have shut down the largest Spanish-language manga piracy platform, which had operated since 2014 and served millions of monthly users...
Shadowserver found over 6,400 Apache ActiveMQ servers exposed online and vulnerable to ongoing attacks exploiting a high-severity code injection...
France Titres, the French government agency responsible for issuing administrative identity documents, has confirmed a data breach after a threat actor...
North Korean state-sponsored hackers from the Lazarus Group are behind a $290 million cryptocurrency theft from DeFi platform KelpDAO, marking one of the...
Microsoft released out-of-band updates to address critical issues affecting Windows Server systems that emerged after the installation of April 2026 Patch...
Backups protect your data, but they don't keep your business running during downtime. Understanding the difference between backup and BCDR is critical as...
Researchers have discovered a SystemBC proxy botnet of over 1,570 compromised hosts linked to Gentlemen ransomware operations. The gang's affiliate is...
Threat actors are exploiting Apple's legitimate account change notification system to embed fake iPhone purchase scams inside genuine Apple emails,...
The National Institute of Standards and Technology will stop assigning CVSS severity scores to lower-priority vulnerabilities in the NVD as CVE submission...
Cloud development platform Vercel has confirmed a security incident after threat actors claimed to have stolen internal databases, API keys, tokens, and...
A critical remote code execution vulnerability in protobuf.js, the widely used JavaScript implementation of Google's Protocol Buffers, has been disclosed...
Microsoft has acknowledged that a recent Microsoft Edge browser update introduced a regression that breaks right-click paste functionality in the...
Threat actors are actively exploiting three recently disclosed Windows security vulnerabilities that allow attackers to gain SYSTEM or elevated...
A Qualys analysis of over one billion CISA Known Exploited Vulnerabilities remediation records shows that most critical flaws are being actively exploited...
Eurail B.V. has confirmed that a December 26, 2025 breach exposed the personal data of 308,777 individuals — including passport copies, IBAN bank details,...
Attackers have been silently exploiting an unpatched zero-day vulnerability in Adobe Acrobat Reader since at least November 2025, using malicious PDFs to...
Bitcoin Depot, operator of one of the largest Bitcoin ATM networks in North America, disclosed that attackers stole $3.665 million in Bitcoin from its hot...
Dutch healthcare software vendor ChipSoft has been struck by a ransomware attack, forcing the company to take its website and digital patient services...
Microsoft has suspended developer accounts used to maintain several prominent open-source projects without prior notice or a quick reinstatement path,...
A massive campaign targeting nearly 100 Magento e-commerce stores embeds credit card-stealing JavaScript inside a pixel-sized SVG image, bypassing visual...
Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen, enabling...
An international law enforcement operation has dismantled FrostArmada, an APT28 campaign that hijacked DNS on compromised MikroTik and TP-Link routers to...
Drift Protocol has revealed that the $280 million hack it suffered was the culmination of a six-month long operation in which North Korean-linked threat...
The FBI's Internet Crime Complaint Center reports that U.S. victims lost nearly $21 billion to cyber-enabled crimes in 2025 — an all-time record — driven...
Attackers are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the Ninja Forms File Uploads premium add-on for...
A security researcher operating under the aliases 'Chaotic Eclipse' and 'Nightmare-Eclipse' has publicly released exploit code for an unpatched Windows...
Germany's Federal Police have publicly named two Russian nationals as the leaders of the GandCrab and REvil ransomware operations, linking them to at...
Microsoft has formally attributed Medusa ransomware zero-day attacks to Storm-1175, a China-based financially motivated cybercriminal group that has...
Researchers from the University of Toronto have demonstrated GPUBreach, a novel attack that induces Rowhammer bit-flips in GPU GDDR6 memory to bypass...
Infostealers are harvesting credentials and session cookies at scale, quietly bypassing MFA and traditional defenses. Here's why organizations need...
Threat actors are running a large-scale, automated campaign exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js applications to steal...
Scammers are sending fake "Notice of Default" traffic violation SMS messages impersonating state courts across the U.S., pressuring recipients to scan a...
Device code phishing attacks abusing the OAuth 2.0 Device Authorization Grant flow have exploded 37-fold in 2026 as ready-made phishing kits proliferate...
Modern ransomware has evolved far beyond simple file encryption. Multi-extortion tactics — combining encryption, data theft, and public leak threats —...
Telehealth giant Hims & Hers Health is warning customers of a data breach after support tickets were stolen from a third-party customer service platform,...
CERT-EU has attributed the European Commission cloud account compromise to the TeamPCP threat group, revealing the breach exposed sensitive data from at...
The Qilin ransomware group has claimed responsibility for an attack against German political party Die Linke, forcing an IT systems outage and threatening...
Microsoft has begun automatically upgrading unmanaged Windows 11 Home and Pro devices from 24H2 to 25H2, removing user choice from the update process for...
Threat actors are weaponizing vacant properties as drop addresses for mail interception, blending physical access with digital fraud. A Flare threat...
Threat actors are capitalising on the Claude Code source code leak by creating fake GitHub repositories that impersonate the leaked source to deliver...
The Drift Protocol DeFi platform lost at least $280 million after a sophisticated threat actor executed a planned governance attack, seizing control of...
Two newly disclosed vulnerabilities in Progress ShareFile can be chained together to enable unauthenticated remote code execution and file exfiltration,...
Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity...
Apple has extended security update eligibility to additional iPhone models still running iOS 18, enabling more devices to receive protections against the...
Google has patched the fourth Chrome zero-day vulnerability actively exploited in attacks this year, a use-after-free flaw in the Dawn graphics engine...
Threat actors have weaponized an unpatched zero-day in TrueConf conference server software to execute arbitrary files on all connected endpoints,...
A new Android malware named NoVoice was discovered hiding in over 50 apps on the Google Play Store, with a combined download count of at least 2.3...
Healthcare IT company CareCloud has disclosed a cyberattack that resulted in the theft of sensitive patient data and caused an eight-hour network outage,...
A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, allows subscriber-level users to read arbitrary files on the...
The Alliance for Creativity and Entertainment has announced the shutdown of AnimePlay, a major unauthorized anime streaming platform serving over 5...
Threat actors known as TeamPCP compromised the Telnyx Python package on PyPI, uploading malicious versions that conceal credential-stealing malware inside...
A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka...
The European Commission is investigating a security breach after a threat actor gained unauthorized access to its Amazon Web Services cloud environment...
Mass exploitation is underway against Magento 2 and Adobe Commerce installations using the 'PolyShell' polyglot file upload vulnerability, with attackers...
Citrix has patched two NetScaler ADC and Gateway vulnerabilities — including a critical CVSS 9.3 out-of-bounds read flaw eerily similar to the previously...
Ilya Angelov, co-leader of the TA551/Mario Kart cybercrime group, was sentenced to two years in prison for operating a phishing botnet that sent 700,000...
New research from Flare Systems reveals that premium AI platform access — including ChatGPT Plus, Claude Pro, and raw API keys — has been systematically...
PTC is warning customers of an imminent exploit threat against a critical deserialization vulnerability in Windchill and FlexPLM — CVE-2026-4681, CVSS...
Popular anime streaming platform Crunchyroll is investigating a breach after hackers claimed to have stolen personal information for approximately 6.8...
Mazda Motor Corporation has disclosed a security incident detected in December 2025 in which unauthorized access to a warehouse management system exposed...
The Trivy open-source vulnerability scanner was compromised in a supply chain attack by the threat group TeamPCP, which hijacked 75 release tags and...
A new infostealer named VoidStealer bypasses Chrome's Application-Bound Encryption by attaching a remote debugger to the browser process and using the...
Navia Benefit Solutions has notified nearly 2.7 million individuals of a data breach that exposed sensitive personal and health-related information to...
Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Oracle Identity Manager and...
CISA added CVE-2025-47813 to its Known Exploited Vulnerabilities catalog on March 16, warning that the medium-severity path disclosure flaw is being...
Attackers hijacked AppsFlyer's CDN domain via a registrar incident, serving a sophisticated 170 KB crypto-stealing JavaScript payload to every site...
Canadian telecom giant Telus Digital has confirmed a security incident after the ShinyHunters hacking group claimed to have stolen nearly 1 petabyte of...
A new cross-platform tool called Tirith hooks into terminal shells to detect and block Unicode homoglyph attacks, pipe-to-shell exploits, and supply chain...
Palo Alto Unit 42 reveals a state-aligned group designated TGR-STA-1030 compromised government and critical infrastructure targets in 37 countries using...