HPE investigates breach as hacker claims to steal source code

Hewlett Packard Enterprise (HPE) is investigating claims of a new breach after a threat actor said they stole documents from the company's developer environments. [...]

https://www.bleepingcomputer.com/news/security/hewlett-packard-enterprise-investigates-new-breach-claims/

 Microsoft: Exchange 2016 and 2019 reach end of support in October

​Microsoft has reminded admins that Exchange 2016 and Exchange 2019 will reach the end of extended support in October and shared guidance for those who need to decommission outdated servers. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-reach-end-of-support-in-october/

 Criminal IP Teams Up with OnTheHub for Digital Education Cybersecurity

AI SPERA announced today that it has partnered with education platform OnTheHub to provide its integrated cybersecurity solution, Criminal IP, to students and educational institutions. [...]

https://www.bleepingcomputer.com/news/security/criminal-ip-teams-up-with-onthehub-for-digital-education-cybersecurity/

 Ransomware gangs pose as IT support in Microsoft Teams phishing attacks

Ransomware gangs are increasingly adopting email bombing followed by posing as tech support in Microsoft Teams calls to trick employees into allowing remote control and install malware that provides access to the company network. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gangs-pose-as-it-support-in-microsoft-teams-phishing-attacks/

 7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now

​A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users' computers when extracting malicious files from nested archives. [...]

https://www.bleepingcomputer.com/news/security/7-zip-fixes-bug-that-bypasses-the-windows-motw-security-mechanism-patch-now/

 Bitbucket services “hard down” due to major worldwide outage

Bitbucket is investigating a massive outage affecting Atlassian Bitbucket Cloud customers worldwide, with the company saying its cloud services are "hard down." [...]

https://www.bleepingcomputer.com/news/technology/bitbucket-services-hard-down-due-to-major-worldwide-outage/

 Microsoft previews Game Assist in-game browser in Edge Stable

​Microsoft has announced that Game Assist, its recently unveiled in-game browser, is now also available in preview for Microsoft Edge Stable users. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-previews-game-assist-in-game-browser-in-edge-stable/

 Fake Homebrew Google ads target Mac users with malware

Hackers are once again abusing Google ads to spread malware, using a fake Homebrew website to infect Macs and Linux devices with an infostealer that steals credentials, browser data, and cryptocurrency wallets. [...]

https://www.bleepingcomputer.com/news/security/fake-homebrew-google-ads-target-mac-users-with-malware/

 Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack

The largest distributed denial-of-service (DDoS) attack to date peaked at 5.6 terabits per second and came from a Mirai-based botnet with 13,000 compromised devices. [...]

https://www.bleepingcomputer.com/news/security/cloudflare-mitigated-a-record-breaking-56-tbps-ddos-attack/

 Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025

On the first day of Pwn2Own Automotive 2025, security researchers exploited 16 unique zero-days and collected $382,750 in cash awards. [...]

https://www.bleepingcomputer.com/news/security/hackers-exploit-16-zero-days-on-first-day-of-pwn2own-automotive-2025/

 Use this AI chatbot prompt to create a password-exclusion list

Creating a custom password-exclusion list can help prevent employees from using passwords that are likely to be guessed. Learn from Specops Software on using AI to generate password dictionary for securing your organization's credentials. [...]

https://www.bleepingcomputer.com/news/security/use-this-ai-chatbot-prompt-to-create-a-password-exclusion-list/

 IPany VPN breached in supply-chain attack to push custom malware

South Korean VPN provider IPany was breached in a supply chain attack by the "PlushDaemon" China-aligned hacking group, who compromised the company's VPN installer to deploy the custom 'SlowStepper' malware. [...]

https://www.bleepingcomputer.com/news/security/ipany-vpn-breached-in-supply-chain-attack-to-push-custom-malware/

 Windows 11 24H2 now also offered to all eligible Windows 10 PCs

Microsoft says Windows 11 24H2 has entered the broad deployment phase and is now available to all seekers via Windows Update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-expands-windows-11-24h2-rollout-to-eligible-windows-10-pcs/

 Conduent confirms cybersecurity incident behind recent outage

American business services giant and government contractor Conduent confirmed today that a recent outage resulted from what it described as a "cyber security incident." [...]

https://www.bleepingcomputer.com/news/security/conduent-confirms-cybersecurity-incident-behind-recent-outage/

 PowerSchool hacker claims they stole data of 62 million students

The hacker who breached education tech giant PowerSchool claimed in an extortion demand that they stole the personal data of 62.4 million students and 9.5 million teachers. [...]

https://www.bleepingcomputer.com/news/security/powerschool-hacker-claims-they-stole-data-of-62-million-students/

 Cisco warns of denial of service flaw with PoC exploit code

Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability, which has proof-of-concept (PoC) exploit code. [...]

https://www.bleepingcomputer.com/news/security/cisco-warns-of-denial-of-service-flaw-with-poc-exploit-code/

 Telegram captcha tricks you into running malicious PowerShell scripts

Threat actors on X are exploiting the news around Ross Ulbricht to direct unsuspecting users to a Telegram channel that tricks them into executing PowerShell code that infects them with malware. [...]

https://www.bleepingcomputer.com/news/security/telegram-captcha-tricks-you-into-running-malicious-powershell-scripts/

 Cloudflare CDN flaw leaks user location data, even through secure chat apps

A security researcher discovered a flaw in Cloudflare's content delivery network (CDN), which could expose a person's general location by simply sending them an image on platforms like Signal and Discord. [...]

https://www.bleepingcomputer.com/news/security/cloudflare-cdn-flaw-leaks-user-location-data-even-through-secure-chat-apps/

 Critical zero-days impact premium WordPress real estate plugins

The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical severity flaws that allow unauthenticated users to gain administrative privileges. [...]

https://www.bleepingcomputer.com/news/security/critical-zero-days-impact-premium-wordpress-real-estate-plugins/

 Tesla EV charger hacked twice on second day of Pwn2Own Tokyo

​Security researchers hacked Tesla's Wall Connector electric vehicle charger twice on the second day of the Pwn2Own Automotive 2025 hacking contest. [...]

https://www.bleepingcomputer.com/news/security/tesla-ev-charger-hacked-twice-on-second-day-of-pwn2own-tokyo/

 Stealthy 'Magic Packet' malware targets Juniper VPN gateways

A malicious campaign has been specifically targeting Juniper edge devices, many acting as VPN gateways, with malware dubbed J-magic that starts a reverse shell only if it detects a "magic packet" in the network traffic. [...]

https://www.bleepingcomputer.com/news/security/stealthy-magic-packet-malware-targets-juniper-vpn-gateways/