Microsoft gives US students a free year of Microsoft 365 Personal

Microsoft announced that starting this Thursday, all college students in the United States can get a free year of Microsoft 365 Personal. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-gives-us-students-a-free-year-of-microsoft-365-personal/

 Max severity Argo CD API flaw leaks repository credentials

An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve all repository credentials associated with the project. [...]

https://www.bleepingcomputer.com/news/security/max-severity-argo-cd-api-flaw-leaks-repository-credentials/

 Financial services firm Wealthsimple discloses data breach

Wealthsimple, a leading Canadian online investment management service, has disclosed a data breach after attackers stole the personal data of an undisclosed number of customers in a recent incident. [...]

https://www.bleepingcomputer.com/news/security/financial-services-firm-wealthsimple-discloses-data-breach/

 EU fines Google $3.5 billion for anti-competitive ad practices

The European Commission has fined Google €2.95 billion ($3.5 billion) for abusing its dominance in the digital advertising technology market and favoring its adtech services over those of its competitors. [...]

https://www.bleepingcomputer.com/news/google/eu-fines-google-35-billion-for-anti-competitive-ad-practices/

 Microsoft now enforces MFA on Azure Portal sign-ins for all tenants

Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-now-enforces-mfa-on-azure-portal-sign-ins-for-all-tenants/

 AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. [...]

https://www.bleepingcomputer.com/news/security/ai-powered-malware-hit-2-180-github-accounts-in-s1ngularity-attack/

 VirusTotal finds hidden malware phishing campaign in SVG files

VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia's judicial system that deliver malware. [...]

https://www.bleepingcomputer.com/news/security/virustotal-finds-hidden-malware-phishing-campaign-in-svg-files/

 Czech cyber agency warns against Chinese tech in critical infrastructure

The Czech Republic's National Cyber and Information Security Agency (NUKIB) is instructing critical infrastructure organizations in the country to avoid using Chinese technology or transferring user data to servers located in China. [...]

https://www.bleepingcomputer.com/news/security/czech-cyber-agency-warns-against-chinese-tech-in-critical-infrastructure/

 iCloud Calendar abused to send phishing emails from Apple’s servers

iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple's email servers, making them more likely to bypass spam filters to land in targets' inboxes. [...]

https://www.bleepingcomputer.com/news/security/icloud-calendar-abused-to-send-phishing-emails-from-apples-servers/

 ChatGPT makes Projects feature free, adds a toggle to split chat

ChatGPT's Projects feature is now feature and second new feature allows you to create new conversations from existing conversations. [...]

https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-makes-projects-feature-free-adds-a-toggle-to-split-chat/

 Google to make it easier to access AI Mode as default

Google plans to make it easier for users to access AI mode by allowing them to set it as the default, replacing the traditional blue links. [...]

https://www.bleepingcomputer.com/news/google/google-to-make-it-easier-to-access-ai-mode-as-default/

 Action1 vs. Microsoft WSUS: A Better Approach to Modern Patch Management

With WSUS deprecated, it's time to move from an outdated legacy patching system to a modern one. Learn from Action1 how its modern patching platform offers cloud-native speed, 3rd-party coverage, real-time compliance, and zero infrastructure. Try it free now! [...]

https://www.bleepingcomputer.com/news/security/action1-vs-microsoft-wsus-a-better-approach-to-modern-patch-management/

 Salesloft: March GitHub repo breach led to Salesforce data theft attacks

Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft attacks in August. [...]

https://www.bleepingcomputer.com/news/security/salesloft-march-github-repo-breach-led-to-salesforce-data-theft-attacks/

 Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising maintainers' accounts in a phishing attack. [...]

https://www.bleepingcomputer.com/news/security/hackers-hijack-npm-packages-with-2-billion-weekly-downloads-in-supply-chain-attack/

 Sports streaming piracy service with 123M yearly visits shut down

​Calcio, a large piracy sports streaming platform with more than 120 million visits in the past year, was shut down following a collaborative effort by the Alliance for Creativity and Entertainment (ACE) and DAZN. [...]

https://www.bleepingcomputer.com/news/security/massive-calcio-sports-streaming-piracy-service-with-123m-yearly-visits-shut-down/

 Lovesac confirms data breach after ransomware attack claims

American furniture brand Lovesac is warning that it suffered a data breach impacting an undisclosed number of individuals, stating their personal data was exposed in a cybersecurity incident. [...]

https://www.bleepingcomputer.com/news/security/lovesac-confirms-data-breach-after-ransomware-attack-claims/

 Signal adds secure cloud backups to save and restore chats

Signal has introduced a new opt-in feature that helps users create end-to-end encrypted backups of their chats, allowing them to restore messages even if their phones are damaged or lost. [...]

https://www.bleepingcomputer.com/news/security/signal-adds-secure-cloud-backups-to-save-and-restore-chats/

 Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. [...]

https://www.bleepingcomputer.com/news/security/hackers-steal-3-325-secrets-in-ghostaction-github-supply-chain-attack/

 Surge in networks scans targeting Cisco ASA devices raise concerns

Large network scans have been  targeting Cisco ASA devices, prompting warnings from cybersecurity researchers that it could indicate an upcoming flaw in the products. [...]

https://www.bleepingcomputer.com/news/security/surge-in-networks-scans-targeting-cisco-asa-devices-raise-concerns/

 Plex tells users to reset passwords after new data breach

Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases. [...]

https://www.bleepingcomputer.com/news/security/plex-tells-users-to-reset-passwords-after-new-data-breach/

 Microsoft testing new AI features in Windows 11 File Explorer

Microsoft is testing new File Explorer AI-powered features that will enable Windows 11 users to work with images and documents without needing to open the files. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-testing-new-ai-features-in-windows-11-file-explorer/