New ShrinkLocker ransomware uses BitLocker to encrypt your files

A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker. [...]

https://www.bleepingcomputer.com/news/security/new-shrinklocker-ransomware-uses-bitlocker-to-encrypt-your-files/

 Cencora data breach exposes US patient info from 8 drug companies

Some of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora, whom they partner with for pharmaceutical and business services. [...]

https://www.bleepingcomputer.com/news/security/cencora-data-breach-exposes-us-patient-info-from-8-drug-companies/

 Microsoft Copilot fixed worldwide after 24 hour outage

After over a 24-hour outage, Microsoft's Bing, Copilot, and Copilot in Windows services are back online worldwide, with no information released as to what caused the problem. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-copilot-fixed-worldwide-after-24-hour-outage/

 Microsoft: Windows 24H2 will remove Cortana and WordPad apps

Microsoft says the Cortana, Tips, and WordPad applications will be automatically removed on systems upgraded to the upcoming Windows 11 24H2 release. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-24h2-will-remove-cortana-and-wordpad-apps/

 Hacker defaces spyware app’s site, dumps database and source code

​​A hacker has defaced the website of the pcTattletale spyware application, found on the booking systems of several Wyndham hotels in the United States, and leaked over a dozen archives containing database and source code data. [...]

https://www.bleepingcomputer.com/news/security/hacker-defaces-spyware-apps-site-dumps-database-and-source-code/

 ICQ messenger shuts down after almost 28 years

The ICQ messaging app is shutting down on June 26th, marking the end of a much-beloved communication application. [...]

https://www.bleepingcomputer.com/news/software/icq-messenger-shuts-down-after-almost-28-years/

 Indian man stole $37 million in crypto using fake Coinbase Pro site

An Indian national pleaded guilty to wire fraud conspiracy for stealing over $37 million through a fake Coinbase website used to steal credentials. [...]

https://www.bleepingcomputer.com/news/security/indian-man-stole-37-million-in-crypto-using-fake-coinbase-pro-site/

 Arc browser’s Windows launch targeted by Google ads malvertising

A new Google Ads malvertising campaign, coinciding with the launch of the Arc web browser for Windows, was tricking people into downloading trojanized installers that infect them with malware payloads. [...]

https://www.bleepingcomputer.com/news/security/arc-browsers-windows-launch-targeted-by-google-ads-malvertising/

 Hackers phish finance orgs using trojanized Minesweeper clone

Hackers are utilizing code from a Python clone of Microsoft's venerable Minesweeper game to hide malicious scripts in attacks on European and US financial organizations. [...]

https://www.bleepingcomputer.com/news/security/hackers-phish-finance-orgs-using-trojanized-minesweeper-clone/

 Sav-Rx discloses data breach impacting 2.8 million Americans

Prescription management company Sav-Rx is warning over 2.8 million people in the United States that it suffered a data breach, stating that their personal data was stolen in a 2023 cyberattack. [...]

https://www.bleepingcomputer.com/news/security/sav-rx-discloses-data-breach-impacting-28-million-americans/

 Hackers target Check Point VPNs to breach enterprise networks

Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory. [...]

https://www.bleepingcomputer.com/news/security/hackers-target-check-point-vpns-to-breach-enterprise-networks/

 TP-Link fixes critical RCE bug in popular C5400X gaming router

The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device. [...]

https://www.bleepingcomputer.com/news/security/tp-link-fixes-critical-rce-bug-in-popular-c5400x-gaming-router/

 Ad blocker users say YouTube videos are now skipping to the end

Many users report that YouTube videos automatically skip to the end or muting video if they are using an ad blocker, making it impossible for them to watch the video. [...]

https://www.bleepingcomputer.com/news/google/ad-blocker-users-say-youtube-videos-are-now-skipping-to-the-end/

 Christie’s confirms breach after RansomHub threatens to leak data

Christie's confirmed that it suffered a security incident earlier this month after the RansomHub extortion gang claimed responsibility and threatened to leak stolen data. [...]

https://www.bleepingcomputer.com/news/security/christies-confirms-breach-after-ransomhub-threatens-to-leak-data/

 Exploit released for maximum severity Fortinet RCE bug, patch now

​Security researchers have released a proof-of-concept (PoC) exploit for a maximum-severity vulnerability in Fortinet's security information and event management (SIEM) solution, which was patched in February. [...]

https://www.bleepingcomputer.com/news/security/exploit-released-for-maximum-severity-fortinet-rce-bug-patch-now/

 Microsoft links North Korean hackers to new FakePenny ransomware

​Microsoft has linked a North Korean hacking group it tracks as Moonstone Sleet to FakePenny ransomware attacks, which have led to millions of dollars in ransom demands. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-links-moonstone-sleet-north-korean-hackers-to-new-fakepenny-ransomware/

 Russian indicted for selling access to US corporate networks

A 31-year-old Russian national named Evgeniy Doroshenko has been indicted for wire and computer fraud in the United States for allegedly acting as an "initial access broker" from February 2019 to May 2024. [...]

https://www.bleepingcomputer.com/news/security/russian-indicted-for-selling-access-to-us-corporate-networks/

 US govt sanctions cybercrime gang behind massive 911 S5 botnet

The U.S. Treasury Department has sanctioned a cybercrime network comprising three Chinese nationals and three Thailand-based companies linked to a massive botnet controlling a residential proxy service known as "911 S5." [...]

https://www.bleepingcomputer.com/news/security/us-govt-sanctions-cybercrime-gang-behind-massive-911-s5-botnet-linked-to-illegitimate-residential-proxy-service/

 Over 90 malicious Android apps with 5.5M installs found on Google Play

Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity. [...]

https://www.bleepingcomputer.com/news/security/over-90-malicious-android-apps-with-55m-installs-found-on-google-play/

 First American December data breach impacts 44,000 people

First American Financial Corporation, the second-largest title insurance company in the United States, revealed on Tuesday that a December cyberattack led to a breach impacting 44,000 individuals. [...]

https://www.bleepingcomputer.com/news/security/first-american-december-data-breach-impacts-44-000-people/

 Check Point releases emergency fix for VPN zero-day exploited in attacks

Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks. [...]

https://www.bleepingcomputer.com/news/security/check-point-releases-emergency-fix-for-vpn-zero-day-exploited-in-attacks/