Hackers lurked in Treasury OCC’s systems since June 2023 breach

Unknown attackers who breached the Treasury's Office of the Comptroller of the Currency (OCC) in June 2023 gained access to over 150,000 emails. [...]

https://www.bleepingcomputer.com/news/security/hackers-lurked-in-treasury-occs-systems-since-june-2023-breach/

 Windows 11 KB5055523 & KB5055528 cumulative updates released

Microsoft has released Windows 11 KB5055523 and KB5055528 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5055523-and-kb5055528-cumulative-updates-released/

 Windows 10 KB5055518 update fixes random text when printing

Microsoft has released the KB5055518 cumulative update for Windows 10 22H2 and Windows 10 21H2, with nine changes or fixes. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5055518-update-fixes-random-text-when-printing/

 Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws

Today is Microsoft's April 2025 Patch Tuesday, which includes security updates for 134 flaws, including one actively exploited zero-day vulnerability. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2025-patch-tuesday-fixes-exploited-zero-day-134-flaws/

 Microsoft: Windows CLFS zero-day exploited by ransomware gang

Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims' systems. [...]

https://www.bleepingcomputer.com/news/security/microsoft-windows-clfs-zero-day-exploited-by-ransomware-gang/

 Microsoft fixes auth issues on Windows Server, Windows 11 24H2

Microsoft has fixed a known issue causing authentication problems when Credential Guard is enabled on systems using the Kerberos PKINIT pre-auth security protocol. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-auth-issues-on-windows-server-windows-11-24h2/

 Fake Microsoft Office add-in tools push malware via SourceForge

Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims' computers to both mine and steal cryptocurrency. [...]

https://www.bleepingcomputer.com/news/security/fake-microsoft-office-add-in-tools-push-malware-via-sourceforge/

 Police detains Smokeloader malware customers, seizes servers

In follow-up activity for Operation Endgame, law enforcement tracked down Smokeloader botnet's customers and detained at least five individuals. [...]

https://www.bleepingcomputer.com/news/security/police-detains-smokeloader-malware-customers-seizes-servers/

 Phishing kits now vet victims in real-time before stealing credentials

Phishing actors are employing a new evasion tactic called  'Precision-Validated Phishing' that only shows fake login forms when a user enters an email address that the threat actors specifically targeted. [...]

https://www.bleepingcomputer.com/news/security/phishing-kits-now-vet-victims-in-real-time-before-stealing-credentials/

 Microsoft: April 2025 updates break Windows Hello on some PCs

Microsoft says some Windows users might be unable to log into their accounts via Windows Hello after installing the April 2025 security updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2025-updates-break-windows-hello-on-some-pcs/

 Who's calling? The threat of AI-powered vishing attacks

AI is making voice phishing (vishing) more dangerous than ever, with scammers cloning voices in seconds to trick employees into handing over their credentials. Learn how to defend your organization with Specops Secure Service Desk. [...]

https://www.bleepingcomputer.com/news/security/whos-calling-the-threat-of-ai-powered-vishing-attacks/

 Microsoft investigates global Exchange Admin Center outage

Microsoft is investigating an ongoing outage that is blocking admins worldwide from accessing the Exchange Admin Center (EAC). [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-global-exchange-admin-center-outage/

 CentreStack RCE exploited as zero-day to breach file sharing servers

Hackers exploited a vulnerability in Gladinet CentreStack's secure file-sharing software as a zero-day since March to breach storage servers [...]

https://www.bleepingcomputer.com/news/security/centrestack-rce-exploited-as-zero-day-to-breach-file-sharing-servers/

 Critical FortiSwitch flaw lets hackers change admin passwords remotely

Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. [...]

https://www.bleepingcomputer.com/news/security/critical-fortiswitch-flaw-lets-hackers-change-admin-passwords-remotely/

 Windows 11 April update unexpectedly creates new 'inetpub' folder

Microsoft's April 2025 Patch Tuesday updates are strangely creating an empty "inetpub" folder in the root of the C:\ drive, even on systems that do not have Internet Information Services (IIS) installed. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-april-update-unexpectedly-creates-new-inetpub-folder/

 Oracle says "obsolete servers" hacked, denies cloud breach

Oracle finally confirmed in email notifications sent to customers that a hacker stole and leaked credentials that were stolen from what it described as "two obsolete servers." [...]

https://www.bleepingcomputer.com/news/security/oracle-says-obsolete-servers-hacked-denies-cloud-breach/

 Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials

A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management (IAM) credentials from the IMDSv1 endpoint. [...]

https://www.bleepingcomputer.com/news/security/hackers-target-ssrf-bugs-in-ec2-hosted-sites-to-steal-aws-credentials/

 Google takes on Cursor with Firebase Studio, its AI builder for vibe coding

Google has quietly launched Firebase Studio, which is a cloud-based AI-powered integrated development environment that lets you build full-fledged apps using prompts. [...]

https://www.bleepingcomputer.com/news/google/google-takes-on-cursor-with-firebase-studio-its-ai-builder-for-vibe-coding/

 Windows 11 tests sharing apps screen and files with Copilot AI

Copilot on Windows 11 is testing OS-level integration that would allow you to share your favourite apps' screen with Copilot. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-tests-sharing-apps-screen-and-files-with-copilot-ai/

 ChatGPT's o4-mini, o4-mini-high and o3 spotted ahead of release

OpenAI is preparing to launch as many as three new AI models, possibly called "o4-mini", "o4-mini-high" and "o3". [...]

https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpts-o4-mini-o4-mini-high-and-o3-spotted-ahead-of-release/

 Flipper Zero maker unveils ‘Busy Bar,’ a new ADHD productivity tool

Flipper Devices, the company behind the popular Flipper Zero, has launched an open-source productivity tool called Busy Bar, designed to help reduce distractions for people with ADHD. [...]

https://www.bleepingcomputer.com/news/technology/flipper-zero-maker-unveils-busy-bar-a-new-adhd-productivity-tool/