Malicious Chrome extensions can spoof password managers in new attack

A newly devised "polymorphic" attack allows malicious Chrome extensions to morph into browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. [...]

https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-can-spoof-password-managers-in-new-attack/

 Free vCISO Course: Turning MSPs and MSSPs into Cybersecurity Powerhouses

The vCISO Academy is a free learning platform to equip service providers with training needed to build and expand their vCISO offerings. Learn more from Cynomi on how the Academy helps you launch or expand your vCISO services. [...]

https://www.bleepingcomputer.com/news/security/free-vciso-course-turning-msps-and-mssps-into-cybersecurity-powerhouses/

 Over 37,000 VMware ESXi servers vulnerable to ongoing attacks

Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. [...]

https://www.bleepingcomputer.com/news/security/over-37-000-vmware-esxi-servers-vulnerable-to-ongoing-attacks/

 Microsoft 365 apps will prompt users to back up files in OneDrive

Starting mid-March 2025, Microsoft will start prompting users of its Microsoft 365 apps for Windows to back up their files to OneDrive. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-apps-will-prompt-users-to-back-up-files-in-onedrive/

 Ethereum private key stealer on PyPI downloaded over 1,000 times

A malicious Python Package Index (PyPI)  package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain. [...]

https://www.bleepingcomputer.com/news/security/ethereum-private-key-stealer-on-pypi-downloaded-over-1-000-times/

 Cybercrime 'crew' stole $635,000 in Taylor Swift concert tickets

New York prosecutors say that two people working at a third-party contractor for the StubHub online ticket marketplace made $635,000 after almost 1,000 concert tickets and reselling them online. [...]

https://www.bleepingcomputer.com/news/security/cybercrime-crew-stole-635-000-in-taylor-swift-concert-tickets/

 US seizes domain of Garantex crypto exchange used by ransomware gangs

The U.S. Secret Service has seized the domain of the sanctioned Russian cryptocurrency exchange Garantex in collaboration with the Department of Justice's Criminal Division, the FBI, and Europol. [...]

https://www.bleepingcomputer.com/news/security/us-seizes-domain-of-garantex-crypto-exchange-used-by-ransomware-gangs/

 Akira ransomware encrypted network from a webcam to bypass EDR

The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows. [...]

https://www.bleepingcomputer.com/news/security/akira-ransomware-encrypted-network-from-a-webcam-to-bypass-edr/

 Microsoft says malvertising campaign impacted 1 million PCs

​Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide. [...]

https://www.bleepingcomputer.com/news/security/microsoft-says-malvertising-campaign-impacted-1-million-pcs/

 Microsoft: North Korean hackers join Qilin ransomware gang

Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of attacks. [...]

https://www.bleepingcomputer.com/news/security/microsoft-north-korean-hackers-now-deploying-qilin-ransomware/

 Data breach at Japanese telecom giant NTT hits 18,000 companies

Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident. [...]

https://www.bleepingcomputer.com/news/security/data-breach-at-japanese-telecom-giant-ntt-hits-18-000-companies/

 US charges Garantex admins with money laundering, sanctions violations

The administrators of the Russian Garantex crypto-exchange have been charged in the United States with facilitating money laundering for criminal organizations and violating sanctions. [...]

https://www.bleepingcomputer.com/news/security/us-charges-garantex-admins-with-money-laundering-sanctions-violations/

 Employee charged with stealing unreleased movies, sharing them online

A Memphis man was arrested and charged with stealing DVDs and Blu-ray discs of unreleased movies and sharing ripped digital copies online before their release. [...]

https://www.bleepingcomputer.com/news/security/employee-charged-with-stealing-unreleased-movies-sharing-them-online/

 Unpatched Edimax IP camera flaw actively exploited in botnet attacks

A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. [...]

https://www.bleepingcomputer.com/news/security/unpatched-edimax-ip-camera-flaw-actively-exploited-in-botnet-attacks/

 US seizes $23 million in crypto stolen via password manager breach

U.S. authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack. [...]

https://www.bleepingcomputer.com/news/security/us-seizes-23-million-in-crypto-stolen-via-password-manager-breach/

 YouTubers extorted via copyright strikes to spread malware

Cybercriminals are sending bogus copyright claims to YouTubers to coerce them into promoting malware and cryptocurrency miners on their videos. [...]

https://www.bleepingcomputer.com/news/security/youtubers-extorted-via-copyright-strikes-to-spread-malware/

 Undocumented backdoor found in Bluetooth chip used by a billion devices

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented backdoor that could be leveraged for attacks. [...]

https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/

 Developer guilty of using kill switch to sabotage employer's systems

A software developer has been found guilty of sabotaging his ex-employer's systems by running custom malware and installing a "kill switch" after being demoted at the company. [...]

https://www.bleepingcomputer.com/news/security/developer-guilty-of-using-kill-switch-to-sabotage-employers-systems/

 New Chirp tool uses audio tones to transfer data between devices

A new open-source tool named 'Chirp' transmits data, such as text messages, between computers (and smartphones) through different audio tones. [...]

https://www.bleepingcomputer.com/news/software/new-chirp-tool-uses-audio-tones-to-transfer-data-between-devices/

 US cities warn of wave of unpaid parking phishing texts

US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city's parking violation departments about unpaid parking invoices, that if unpaid, will incur an additional $35 fine per day. [...]

https://www.bleepingcomputer.com/news/security/us-cities-warn-of-wave-of-unpaid-parking-phishing-texts/

 Microsoft lifts Windows 11 update block for some AutoCAD users

Microsoft has removed a compatibility hold that prevented some AutoCAD users from installing the Windows 11 2024 Update due to launch and crash issues. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-lifts-windows-11-update-block-for-some-autocad-users/