Over 1,000 CrushFTP servers exposed to ongoing hijack attacks

Over 1,000 CrushFTP instances currently exposed online are vulnerable to hijack attacks that exploit a critical security bug, providing admin access to the web interface. [...]

https://www.bleepingcomputer.com/news/security/over-1-000-crushftp-servers-exposed-to-ongoing-hijack-attacks/

 Dior begins sending data breach notifications to U.S. customers

The House of Dior (Dior) is sending data breach notifications to U.S. customers informing them that a May cybersecurity incident compromised their personal information. [...]

https://www.bleepingcomputer.com/news/security/dior-begins-sending-data-breach-notifications-to-us-customers/

 Veeam Recovery Orchestrator users locked out after MFA rollout

Veeam warned customers today that a recently released Recovery Orchestrator version blocks Web UI logins after enabling multi-factor authentication (MFA). [...]

https://www.bleepingcomputer.com/news/technology/veeam-recovery-orchestrator-users-locked-out-after-mfa-rollout/

 ExpressVPN bug leaked user IPs in Remote Desktop sessions

ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users' real IP addresses. [...]

https://www.bleepingcomputer.com/news/security/expressvpn-bug-leaked-user-ips-in-remote-desktop-sessions/

 Ring denies breach after users report suspicious logins

Ring is warning that a backend update bug is responsible for customers seeing a surge in unauthorized devices logged into their account on May 28th. [...]

https://www.bleepingcomputer.com/news/security/ring-denies-breach-after-users-report-suspicious-logins/

 Intel announces end of Clear Linux OS project, archives GitHub repos

The Clear Linux OS team has announced the shutdown of the project, marking the end of its 10-year existence in the open-source ecosystem. [...]

https://www.bleepingcomputer.com/news/security/intel-announces-end-of-clear-linux-os-project-archives-github-repos/

 Microsoft: Windows Server KB5062557 causes cluster, VM issues

Microsoft is asking businesses to reach out for support to mitigate a known issue causing Cluster service and VM restart issues after installing this month's Windows Server 2019 security updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-server-kb5062557-causes-cluster-vm-issues/

 Microsoft Sharepoint ToolShell attacks linked to Chinese hackers

Hackers with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain. [...]

https://www.bleepingcomputer.com/news/security/microsoft-sharepoint-toolshell-attacks-linked-to-chinese-hackers/

 UK to ban public sector orgs from paying ransomware gangs

The United Kingdom's government is planning to ban public sector and critical infrastructure organizations from paying ransoms after ransomware attacks. [...]

https://www.bleepingcomputer.com/news/security/uk-to-ban-public-sector-orgs-from-paying-ransomware-gangs/

 Cisco: Maximum-severity ISE RCE flaws now exploited in attacks

Cisco is warning that three recently patched critical remote code execution vulnerabilities in Cisco Identity Services Engine (ISE) are now being actively exploited in attacks. [...]

https://www.bleepingcomputer.com/news/security/cisco-maximum-severity-ise-rce-flaws-now-exploited-in-attacks/

 Major European healthcare network discloses security breach

AMEOS Group, an operator of a massive healthcare network in Central Europe, has announced it has suffered a security breach that may have exposed customer, employee, and partner information. [...]

https://www.bleepingcomputer.com/news/security/major-european-healthcare-network-discloses-security-breach/

 CISA and FBI warn of escalating Interlock ransomware attacks

CISA and the FBI warned on Tuesday of increased Interlock ransomware activity targeting businesses and critical infrastructure organizations in double extortion attacks. [...]

https://www.bleepingcomputer.com/news/security/cisa-and-fbi-warn-of-escalating-interlock-ransomware-attacks/

 Coyote malware abuses Windows accessibility framework for data theft

A new variant of the banking trojan 'Coyote' has begun abusing a Windows accessibility feature, Microsoft's UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft. [...]

https://www.bleepingcomputer.com/news/security/coyote-malware-abuses-windows-accessibility-framework-for-data-theft/

 Windows 11 gets new Black Screen of Death, auto recovery tool

Microsoft is rolling out significant changes to Windows 11 24H2 as part of the Windows Resilience Initiative, designed to reduce downtime and help devices recover from serious failures, as well as an overhaul of the all-too-familiar BSOD crash screens. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-gets-new-black-screen-of-death-auto-recovery-tool/

 Windows 11 KB5062660 update brings new 'Windows Resilience' features

​​Microsoft has released the KB5062660 preview cumulative update for Windows 11 24H2 with twenty-nine new features or changes, with many gradually rolling out, such as the new Black Screen of Death and Quick Machine Recovery tool. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5062660-update-brings-new-windows-resilience-features/

 Lumma infostealer malware returns after law enforcement disruption

The Lumma infostealer malware operation is gradually resuming activities following a massive law enforcement operation in May, which resulted in the seizure of 2,300 domains and parts of its infrastructure. [...]

https://www.bleepingcomputer.com/news/security/lumma-infostealer-malware-returns-after-law-enforcement-disruption/

 Microsoft fixes bug behind incorrect Windows Firewall errors

Microsoft has resolved a known issue that triggers invalid Windows Firewall errors after rebooting Windows 11 24H2 systems with the June 2025 preview update installed. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-behind-incorrect-windows-firewall-errors/

 Operator of Jetflix illegal streaming service gets 7 years in prison

The ringleader of the Jetflicks illegal paid streaming operation, a massive service with tens of thousands of subscribers, was sentenced to seven years in prison. [...]

https://www.bleepingcomputer.com/news/technology/operator-of-jetflix-illegal-streaming-service-gets-7-years-in-prison/

 npm 'accidentally' removes Stylus package, breaks builds and pipelines

npm has taken down all versions of the Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package. [...]

https://www.bleepingcomputer.com/news/security/npm-accidentally-removes-stylus-package-breaks-builds-and-pipelines/

 CISA warns of hackers exploiting SysAid vulnerabilities in attacks

CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts. [...]

https://www.bleepingcomputer.com/news/security/cisa-warns-of-hackers-exploiting-sysaid-vulnerabilities-in-attacks/

 Ukraine arrests suspected admin of XSS Russian hacking forum

The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor's office. [...]

https://www.bleepingcomputer.com/news/security/ukraine-arrests-suspected-admin-of-xss-russian-hacking-forum/