Hackers fooled Cognizant help desk, says Clorox in $380M cyberattack lawsuit

Clorox is suing IT giant Cognizant for gross negligence, alleging it enabled a massive August 2023 cyberattack by resetting an employee's password for a hacker without first verifying their identity. [...]

https://www.bleepingcomputer.com/news/security/hackers-fooled-cognizant-help-desk-says-clorox-in-380m-cyberattack-lawsuit/

 Proton launches privacy-respecting encrypted AI assistant Lumo

Proton has launched a new tool called Lumo, offering a privacy-first AI assistant that does not log user conversations and doesn't use their prompts for training. [...]

https://www.bleepingcomputer.com/news/artificial-intelligence/proton-launches-privacy-respecting-encrypted-ai-assistant-lumo/

 Brave blocks Windows Recall from screenshotting your browsing activity

Brave Software says its privacy-focused browser will block Microsoft's Windows Recall from capturing screenshots of Brave windows by default to protect users' privacy. [...]

https://www.bleepingcomputer.com/news/security/brave-blocks-windows-recall-from-screenshotting-your-browsing-activity/

 Microsoft: SharePoint servers also targeted in ransomware attacks

A Chinese hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain. [...]

https://www.bleepingcomputer.com/news/security/microsoft-sharepoint-servers-also-targeted-in-ransomware-attacks/

 SonicWall urges admins to patch critical RCE flaw in SMA 100 devices

SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution. [...]

https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-rce-flaw-in-sma-100-VPN-appliances/

 Hackers breach Toptal GitHub account, publish malicious npm packages

Hackers compromised Toptal's GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index. [...]

https://www.bleepingcomputer.com/news/security/hackers-breach-toptal-github-account-publish-malicious-npm-packages/

 Mitel warns of critical MiVoice MX-ONE authentication bypass flaw

Mitel Networks has released security updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform. [...]

https://www.bleepingcomputer.com/news/security/mitel-warns-of-critical-mivoice-mx-one-authentication-bypass-flaw/

 Hacker sneaks infostealer malware into early access Steam game

A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title. [...]

https://www.bleepingcomputer.com/news/security/hacker-sneaks-infostealer-malware-into-early-access-steam-game/

 New Koske Linux malware hides in cute panda images

A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory. [...]

https://www.bleepingcomputer.com/news/security/new-koske-linux-malware-hides-in-cute-panda-images/

 OpenAI confirms ChatGPT Agent is now rolling out for $20 Plus users

ChatGPT Agent is now rolling out to users with $20 Plus subscription, but OpenAI warns that it will take a few days for the rollout to finish. [...]

https://www.bleepingcomputer.com/news/artificial-intelligence/openai-confirms-chatgpt-agent-is-now-rolling-out-for-20-plus-users/

 BlackSuit ransomware leak sites seized in Operation Checkmate

Law enforcement has seized the dark web leak sites of the BlackSuit ransomware operation, which has targeted and breached the networks of hundreds of organizations worldwide over the past several years. [...]

https://www.bleepingcomputer.com/news/security/law-enforcement-seizes-blacksuit-ransomware-leak-sites/

 Microsoft lifts Windows 11 update block for Easy Anti-Cheat users

Microsoft has removed a compatibility hold that prevented some Easy Anti-Cheat users from installing the Windows 11 2024 Update because of a known issue that triggers restarts with blue screen of death (BSOD) errors. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-lifts-windows-11-update-block-for-easy-anti-cheat-users/

 Woman gets 8 years for aiding North Koreans infiltrate 300 US firms

Christina Marie Chapman, a 50-year-old woman from Arizona, was sentenced to 102 months in prison after pleading guilty to her involvement in a scheme that enabled North Korean IT workers to infiltrate 309 U.S. companies. [...]

https://www.bleepingcomputer.com/news/security/us-woman-sentenced-to-8-years-in-prison-for-running-laptop-farm-helping-north-koreans-infiltrate-300-firms/

 US sanctions North Korean firm, nationals behind IT worker schemes

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned three North Korean nationals and a company for supporting fraudulent IT worker schemes that generated illicit revenue for the Democratic People's Republic of Korea (DPRK) government. [...]

https://www.bleepingcomputer.com/news/security/us-sanctions-north-korean-firm-nationals-behind-it-worker-schemes/

 The role of the cybersecurity PM in incident-driven development

From PowerShell abuse to USB data theft, modern threats hit fast—and hard.vSee how security-minded PMs are responding with real-time controls, smarter policies, and tools like ThreatLocker Patch Management. [...]

https://www.bleepingcomputer.com/news/security/the-role-of-the-cybersecurity-pm-in-incident-driven-development/

 Microsoft investigates outage affecting Microsoft 365 admin center

Microsoft is investigating an ongoing outage blocking Microsoft 365 administrators with business or enterprise subscriptions from accessing the admin center. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-outage-affecting-microsoft-365-admin-center/

 Amazon AI coding agent hacked to inject data wiping commands

A hacker planted data wiping code in a version of Amazon's generative AI-powered assistant, the Q Developer Extension for Visual Studio Code. [...]

https://www.bleepingcomputer.com/news/security/amazon-ai-coding-agent-hacked-to-inject-data-wiping-commands/

 Post SMTP plugin flaw exposes 200K WordPress sites to hijacking attacks

More than 200,000 WordPress websites are using a vulnerable version of the Post SMTP plugin that allows hackers to take control of the administrator account. [...]

https://www.bleepingcomputer.com/news/security/post-smtp-plugin-flaw-exposes-200k-wordpress-sites-to-hijacking-attacks/

 Allianz Life confirms data breach impacts majority of 1.4 million customers

Insurance company Allianz Life has confirmed that the personal information for the "majority" of its 1.4 million customers was exposed in a data breach that occurred earlier this month. [...]

https://www.bleepingcomputer.com/news/security/allianz-life-confirms-data-breach-impacts-majority-of-14-million-customers/

 Scattered Spider is running a VMware ESXi hacking spree

Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors. [...]

https://www.bleepingcomputer.com/news/security/scattered-spider-is-running-a-vmware-esxi-hacking-spree/

 Free Tool Autoswagger Finds The API Flaws Attackers Hope You Miss

Exposed API documentation is a gift-wrapped roadmap for threat actors. The free Autoswagger tool from Intruder scans for exposed docs and flags endpoints with broken access controls—before attackers find them. [...]

https://www.bleepingcomputer.com/news/security/free-tool-autoswagger-finds-the-api-flaws-attackers-hope-you-miss/