macOS version of elusive 'LightSpy' spyware tool discovered

A macOS version of the LightSpy surveillance framework has been discovered, confirming the extensive reach of a tool only previously known for targeting Android and iOS devices. [...]

https://www.bleepingcomputer.com/news/security/macos-version-of-elusive-lightspy-spyware-tool-discovered/

 BBC suffers data breach impacting current, former employees

The BBC has disclosed a data security incident that occurred on May 21, involving unauthorized access to files hosted on a cloud-based service, compromising the personal information of BBC Pension Scheme members. [...]

https://www.bleepingcomputer.com/news/security/bbc-suffers-data-breach-impacting-current-former-employees/

 Cooler Master confirms customer info stolen in data breach

Computer hardware manufacturer Cooler Master has confirmed that it suffered a data breach on May 19, allowing a threat actor to steal customer data. [...]

https://www.bleepingcomputer.com/news/security/cooler-master-confirms-customer-info-stolen-in-data-breach/

 Everbridge warns of corporate systems breach exposing business data

Everbridge, an American software company focused on crisis management and public warning solutions, notified customers that unknown attackers had accessed files containing business and user data in a recent corporate systems breach. [...]

https://www.bleepingcomputer.com/news/security/everbridge-warns-of-corporate-systems-breach-exposing-business-data/

 Malware botnet bricked 600,000 routers in mysterious 2023 attack

A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that took 600,000 office/home office (SOHO) internet routers offline, according to a new report by researchers at Lumen's Black Lotus Labs. [...]

https://www.bleepingcomputer.com/news/security/malware-botnet-bricked-600-000-routers-in-mysterious-2023-attack/

 Data of 560 million Ticketmaster customers for sale after alleged breach

​A threat actor known as ShinyHunters is selling what they claim is the personal and financial information of 560 million Ticketmaster customers on the recently revived BreachForums hacking forum for $500,000. [...]

https://www.bleepingcomputer.com/news/security/data-of-560-million-ticketmaster-customers-for-sale-after-alleged-breach/

 Pirated Microsoft Office delivers malware cocktail on systems

Cybercriminals are distributing a malware cocktail through cracked versions of Microsoft Office promoted on torrent sites. [...]

https://www.bleepingcomputer.com/news/security/pirated-microsoft-office-delivers-malware-cocktail-on-systems/

 Microsoft: Windows 11 preview update causes taskbar crashes

Microsoft warned customers on Thursday that the May 2024 non-security preview update for Windows 11 is causing taskbar crashes and glitches. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2024-kb5037959-windows-11-preview-update-causes-taskbar-crashes/

 ShinyHunters claims Santander breach, selling data for 30M customers

A threat actor known as ShinyHunters is claiming to be selling a massive trove of Santander Bank data, including information for 30 million customers, employees, and bank account data, two weeks after the bank reported a data breach. [...]

https://www.bleepingcomputer.com/news/security/shinyhunters-claims-santander-breach-selling-data-for-30m-customers/

 Europol identifies 8 cybercriminals tied to malware loader botnets

Europol and German law enforcement have revealed the identities of eight cybercriminals linked to the various malware droppers and loaders disrupted as part of the Operation Endgame law enforcement operation. [...]

https://www.bleepingcomputer.com/news/legal/europol-identifies-8-cybercriminals-tied-to-malware-loader-botnets/

 Snowflake account hacks linked to Santander, Ticketmaster breaches

A threat actor claiming recent Santander and Ticketmaster breaches says they stole data after hacking into an employee's account at cloud storage company Snowflake. However, Snowflake disputes these claims, saying recent breaches were caused by poorly secured customer accounts. [...]

https://www.bleepingcomputer.com/news/security/snowflake-account-hacks-linked-to-santander-ticketmaster-breaches/

 CISA warns of actively exploited Linux privilege elevation flaw

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added two vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, including a Linux kernel privilege elevation flaw. [...]

https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-linux-privilege-elevation-flaw/

 DMM Bitcoin warns that hackers stole $300 million in Bitcoin

Japanese bitcoin exchange DMM Bitcoin is warning that 4,502.9 Bitcoin (BTC), or approximately $308 million (48.2 billion yen), has been stolen from one of its wallets today, making it the most significant cryptocurrency heist of 2024. [...]

https://www.bleepingcomputer.com/news/security/dmm-bitcoin-warns-that-hackers-stole-300-million-in-bitcoin/

 Live Nation finally confirms massive Ticketmaster data breach

Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. [...]

https://www.bleepingcomputer.com/news/security/live-nation-finally-confirms-massive-ticketmaster-data-breach/

 Google Chrome change that weakens ad blockers begins June 3rd

Google is continuing with its plan to phase out Manifest V2 extensions in Chrome starting in early June 2024, weakening the abilities of ad blockers. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-change-that-weakens-ad-blockers-begins-june-3rd/

 Kaspersky releases free tool that scans Linux for known threats

Kaspersky has released a new virus removal tool named KVRT for the Linux platform, allowing users to scan their systems and remove malware and other known threats for free. [...]

https://www.bleepingcomputer.com/news/software/kaspersky-releases-free-tool-that-scans-linux-for-known-threats/

 Police dismantle pirated TV streaming network that made $5.7 million

Spanish police have dismantled a network of illegal media content distribution that, since the start of its operations in 2015, has made over $5,700,000. [...]

https://www.bleepingcomputer.com/news/legal/police-dismantle-pirated-tv-streaming-network-that-made-57-million/

 AI platform Hugging Face says hackers stole auth tokens from Spaces

AI platform Hugging Face says that its Spaces platform was breached, allowing hackers to access authentication secrets for its members. [...]

https://www.bleepingcomputer.com/news/security/ai-platform-hugging-face-says-hackers-stole-auth-tokens-from-spaces/

 Verizon users report blurry photos in Android messaging apps

Verizon customers using Android phones report that they receive blurry images through text messages on different services and apps, with no response from Verizon as to why. [...]

https://www.bleepingcomputer.com/news/mobile/verizon-users-report-blurry-photos-in-android-messaging-apps/

 Exploit for critical Progress Telerik auth bypass released, patch now

Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers. [...]

https://www.bleepingcomputer.com/news/security/exploit-for-critical-progress-telerik-auth-bypass-released-patch-now/

 Azure Service Tags tagged as security risk, Microsoft disagrees

​Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tag that could allow attackers to access customers' private data. [...]

https://www.bleepingcomputer.com/news/microsoft/azure-service-tags-tagged-as-security-risk-microsoft-disagrees/