SmartAttack uses smartwatches to steal data from air-gapped systems

A new attack dubbed 'SmartAttack' uses smartwatches as a covert ultrasonic signal receiver to exfiltrate data from physically isolated (air-gapped) systems. [...]

https://www.bleepingcomputer.com/news/security/smartattack-uses-smartwatches-to-steal-data-from-air-gapped-systems/

 ChatGPT o3 API 80% price drop has no impact on performance

ChatGPT o3, which has been available via API, is now 80% cheaper for developers, and there's no visible impact on performance. [...]

https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-o3-api-80-percent-price-drop-has-no-impact-on-performance/

 Fog ransomware attack uses unusual mix of legitimate and open-source tools

Fog ransomware hackers are using an uncommon toolset, which includes open-source pentesting utilities and a legitimate employee monitoring software called Syteca. [...]

https://www.bleepingcomputer.com/news/security/fog-ransomware-attack-uses-unusual-mix-of-legitimate-and-open-source-tools/

 Windows 11 24H2 emergency update fixes Easy Anti-Cheat BSOD issue

Microsoft has released an emergency Windows 11 24H2 update to address an incompatibility issue triggering restarts with blue screen of death (BSOD) errors on systems with Easy Anti-Cheat. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-24h2-emergency-update-fixes-easy-anti-cheat-bsod-issue/

 GitLab patches high severity account takeover, missing auth issues

GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines. [...]

https://www.bleepingcomputer.com/news/security/gitlab-patches-high-severity-account-takeover-missing-auth-issues/

 Microsoft Edge now offers secure password deployment for businesses

Microsoft announced that a new Edge feature allowing employees to share passwords more securely in enterprise environments has reached general availability. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-now-offers-secure-password-deployment-for-businesses/

 Password-spraying attacks target 80,000 Microsoft Entra ID accounts

Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide. [...]

https://www.bleepingcomputer.com/news/security/password-spraying-attacks-target-80-000-microsoft-entra-id-accounts/

 Graphite spyware used in Apple iOS zero-click attacks on journalists

Forensic investigation has confirmed the use of Paragon's Graphite spyware platform in zero-click attacks that targeted Apple iOS devices of at least two journalists in Europe. [...]

https://www.bleepingcomputer.com/news/security/graphite-spyware-used-in-apple-ios-zero-click-attacks-on-journalists/

 Google Cloud and Cloudflare hit by widespread service outages

Google Cloud and Cloudflare are investigating ongoing outages impacting access to sites and various services across multiple regions. [...]

https://www.bleepingcomputer.com/news/technology/google-cloud-and-cloudflare-hit-by-widespread-service-outages/

 Trend Micro fixes critical vulnerabilities in multiple products

Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. [...]

https://www.bleepingcomputer.com/news/security/trend-micro-fixes-six-critical-flaws-on-apex-central-endpoint-encryption-policyserver/

 Cloudflare: Outage not caused by security incident, data is safe

Cloudflare has confirmed that the massive service outage yesterday was not caused by a security incident and no data has been lost. [...]

https://www.bleepingcomputer.com/news/security/cloudflare-outage-not-caused-by-security-incident-data-is-safe/

 Victoria’s Secret restores critical systems after cyberattack

Victoria's Secret has restored all critical systems impacted by a May 24 security incident that forced it to shut down corporate systems and the e-commerce website. [...]

https://www.bleepingcomputer.com/news/security/victorias-secret-restores-critical-systems-after-cyberattack/

 Microsoft confirms auth issues affecting Microsoft 365 users

Microsoft is investigating an ongoing incident that is causing users to experience errors with some Microsoft 365 authentication features. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-auth-issues-affecting-microsoft-365-users/

 Microsoft: KB5060533 update triggers boot errors on Surface Hub v1 devices

Microsoft is investigating a known issue that triggers Secure Boot errors and prevents Surface Hub v1 devices from starting up. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-kb5060533-update-triggers-boot-errors-on-surface-hub-v1-devices/

 Discord flaw lets hackers reuse expired invites in malware campaign

Hackers are hijacking expired or deleted Discord invite links to redirect users to malicious sites that deliver remote access trojans and information-stealing malware. [...]

https://www.bleepingcomputer.com/news/security/discord-flaw-lets-hackers-reuse-expired-invites-in-malware-campaign/

 Google links massive cloud outage to API management issue

Google says an API management issue is behind Thursday's massive Google Cloud outage, which disrupted or brought down its services and many other online platforms. [...]

https://www.bleepingcomputer.com/news/google/google-links-massive-cloud-outage-to-api-management-issue/

 Windows 11 users want these five features back

When Windows 11 was first released, many long-time users felt features they loved had been taken away overnight. Three and a half years later, the same complaints still rise to the top of the Feedback Hub with tens of thousands of votes. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-users-want-these-five-features-back/

 WestJet investigates cyberattack disrupting internal systems

WestJet, Canada's second-largest airline, is investigating a cyberattack that has disrupted access to some internal systems as it responds to the breach. [...]

https://www.bleepingcomputer.com/news/security/westjet-investigates-cyberattack-disrupting-internal-systems/

 Over 46,000 Grafana instances exposed to account takeover bug

More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover. [...]

https://www.bleepingcomputer.com/news/security/over-46-000-grafana-instances-exposed-to-account-takeover-bug/

 ChatGPT Search gets an upgrade as OpenAI takes aim at Google

On June 13, OpenAI began rolling out a new ChatGPT Search update to improve quality as the AI startup challenges Google's dominance. [...]

https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-search-gets-an-upgrade-as-openai-takes-aim-at-google/

 ChatGPT's AI coder Codex now lets you choose the best solution

ChatGPT's Codex, which is an AI agent that lets you code and delegate programming tasks, is now testing a new feature that lets you choose the best solution. [...]

https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpts-ai-coder-codex-now-lets-you-choose-the-best-solution/