Rubrik rotates authentication keys after log server breach

Rubrik disclosed last month that one of its servers hosting log files was breached, causing the company to rotate potentially leaked authentication keys. [...]

https://www.bleepingcomputer.com/news/security/rubrik-rotates-authentication-keys-after-log-server-breach/

 Google fixes Android zero-day exploited by Serbian authorities

Google has released patches for 43 vulnerabilities in Android's March 2025 security update, including two zero-days. Serbian authorities have used one of the zero-days to unlock confiscated devices. [...]

https://www.bleepingcomputer.com/news/security/google-fixes-android-zero-days-exploited-in-targeted-attacks/

 Broadcom fixes three VMware zero-days exploited in attacks

Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. [...]

https://www.bleepingcomputer.com/news/security/broadcom-fixes-three-vmware-zero-days-exploited-in-attacks/

 Hunters International ransomware claims attack on Tata Technologies

The Hunters International ransomware gang has claimed responsibility for a January cyberattack attack on Tata Technologies, stating they stole 1.4TB of data from the company. [...]

https://www.bleepingcomputer.com/news/security/hunters-international-ransomware-claims-attack-on-tata-technologies/

 Polish Space Agency offline as it recovers from cyberattack

​The Polish Space Agency (POLSA) has been offline since it disconnected its systems from the Internet over the weekend to contain a breach of its IT infrastructure. [...]

https://www.bleepingcomputer.com/news/security/polish-space-agency-offline-as-it-recovers-from-cyberattack/

 New polyglot malware hits aviation, satellite communication firms

A previously undocumented polyglot malware is being deployed in attacks against aviation, satellite communication, and critical transportation organizations in the United Arab Emirates. [...]

https://www.bleepingcomputer.com/news/security/new-polyglot-malware-hits-aviation-satellite-communication-firms/

 Google expands Android AI scam detection to more Pixel devices

Google has announced an increased rollout of new AI-powered scam detection features on Android to help protect users from increasingly sophisticated phone and text social engineering scams. [...]

https://www.bleepingcomputer.com/news/security/google-expands-android-ai-scam-detection-to-more-pixel-devices/

 Cisco warns of Webex for BroadWorks flaw exposing credentials

Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. [...]

https://www.bleepingcomputer.com/news/security/cisco-warns-of-webex-for-broadworks-flaw-exposing-credentials/

 New Eleven11bot botnet infects 86,000 devices for DDoS attacks

A new botnet malware named 'Eleven11bot' has infected over 86,000 IoT devices, primarily security cameras and network video recorders (NVRs), to conduct DDoS attacks. [...]

https://www.bleepingcomputer.com/news/security/new-eleven11bot-botnet-infects-86-000-devices-for-ddos-attacks/

 Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware

New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks. [...]

https://www.bleepingcomputer.com/news/security/microsoft-teams-tactics-malware-connect-black-basta-cactus-ransomware/

 Fake BianLian ransom notes mailed to US CEOs in postal mail scam

Scammers are impersonating the BianLian ransomware gang in fake ransom notes sent to US companies via snail mail through the United States Postal Service. [...]

https://www.bleepingcomputer.com/news/security/fake-bianlian-ransom-notes-mailed-to-us-ceos-in-postal-mail-scam/

 Toronto Zoo shares update on last year's ransomware attack

The Toronto Zoo, the largest zoo in Canada, has provided more information about the data stolen during a ransomware attack in January 2024. [...]

https://www.bleepingcomputer.com/news/security/toronto-zoo-shares-update-on-last-years-ransomware-attack/

 Look up: The new frontier of cyberthreats is in the sky

With increased unidentified drone sightings worldwide, some are concerned they pose a cybersecurity risk. Learn more from Acronis about these risks and a real attack on a Taiwan drone manufacturer. [...]

https://www.bleepingcomputer.com/news/security/look-up-the-new-frontier-of-cyberthreats-is-in-the-sky/

 YouTube warns of AI-generated video of its CEO used in phishing attacks

YouTube warns that scammers are using an AI-generated video featuring the company's CEO in phishing attacks to steal creators' credentials. [...]

https://www.bleepingcomputer.com/news/security/youtube-warns-of-ai-generated-video-of-its-ceo-used-in-phishing-attacks/

 BadBox malware disrupted on 500K infected Android devices

The BadBox Android malware botnet has been disrupted again by removing 24 malicious apps from Google Play and sinkholing communications for half a million infected devices. [...]

https://www.bleepingcomputer.com/news/security/badbox-malware-disrupted-on-500k-infected-android-devices/

 US charges Chinese hackers linked to critical infrastructure breaches

The US Justice Department has charged Chinese state security officers along with APT27 and i-Soon hackers for network breaches and cyberattacks that have targeted victims globally since 2011. [...]

https://www.bleepingcomputer.com/news/security/us-charges-chinese-hackers-linked-to-critical-infrastructure-breaches/

 Silk Typhoon hackers now target IT supply chains to breach networks

Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. [...]

https://www.bleepingcomputer.com/news/security/silk-typhoon-hackers-now-target-it-supply-chains-to-breach-networks/

 Open-source tool 'Rayhunter' helps users detect Stingray attacks

The Electronic Frontier Foundation (EFF) has released a free, open-source tool named Rayhunter that is designed to detect cell-site simulators (CSS), also known as IMSI catchers or Stingrays. [...]

https://www.bleepingcomputer.com/news/security/open-source-tool-rayhunter-helps-users-detect-stingray-attacks/

 Malicious Chrome extensions can spoof password managers in new attack

A newly devised "polymorphic" attack allows malicious Chrome extensions to morph into browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. [...]

https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-can-spoof-password-managers-in-new-attack/

 Free vCISO Course: Turning MSPs and MSSPs into Cybersecurity Powerhouses

The vCISO Academy is a free learning platform to equip service providers with training needed to build and expand their vCISO offerings. Learn more from Cynomi on how the Academy helps you launch or expand your vCISO services. [...]

https://www.bleepingcomputer.com/news/security/free-vciso-course-turning-msps-and-mssps-into-cybersecurity-powerhouses/

 Over 37,000 VMware ESXi servers vulnerable to ongoing attacks

Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. [...]

https://www.bleepingcomputer.com/news/security/over-37-000-vmware-esxi-servers-vulnerable-to-ongoing-attacks/