The Buyer’s Guide to Browser Extension Management

Browser extensions boost productivity—but also open the door to hidden risks like data exfiltration and AitM attacks. Keep Aware's Buyer's Guide shows how to gain visibility, enforce policies, and block risky add-ons in real time. [...]

https://www.bleepingcomputer.com/news/security/the-buyers-guide-to-browser-extension-management/

 New VMScape attack breaks guest-host isolation on AMD, Intel CPUs

A new Spectre-like attack dubbed VMScape allows a malicious virtual machine (VM) to leak cryptographic keys from an unmodified QEMU hypervisor process running on modern AMD or Intel CPUs. [...]

https://www.bleepingcomputer.com/news/security/new-vmscape-attack-breaks-guest-host-isolation-on-amd-intel-cpus/

 Akira ransomware exploiting critical SonicWall SSLVPN bug again

The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to gain unauthorized access to SonicWall devices. [...]

https://www.bleepingcomputer.com/news/security/akira-ransomware-exploiting-critical-sonicwall-sslvpn-bug-again/

 Microsoft adds malicious link warnings to Teams private chats

Microsoft Teams will automatically alert users when they send or receive a private message containing links that are tagged as malicious. [...]

https://www.bleepingcomputer.com/news/security/microsoft-adds-malicious-link-warnings-to-teams-private-chats/

 Panama Ministry of Economy discloses breach claimed by INC ransomware

Panama's Ministry of Economy and Finance (MEF) has disclosed that one of its computers may have been compromised in a cyberattack.. [...]

https://www.bleepingcomputer.com/news/security/panama-ministry-of-economy-discloses-breach-claimed-by-inc-ransomware/

 Apple warns customers targeted in recent spyware attacks

Apple warned customers last week that their devices were targeted in a new series of spyware attacks, according to the French national Computer Emergency Response Team (CERT-FR). [...]

https://www.bleepingcomputer.com/news/security/apple-warns-customers-targeted-in-recent-spyware-attacks/

 U.S. Senator accuses Microsoft of “gross cybersecurity negligence”

U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) requesting the agency to investigate Microsoft for failing to provide adequate security in its products, which led to ransomware attacks against healthcare organizations. [...]

https://www.bleepingcomputer.com/news/security/us-senator-accuses-microsoft-of-gross-cybersecurity-negligence/

 Microsoft investigates Exchange Online outage in North America

Microsoft is working to resolve an ongoing Exchange Online outage affecting customers throughout North America, blocking their access to emails. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-exchange-online-outage-in-north-america/

 Samsung patches actively exploited zero-day reported by WhatsApp

Samsung has patched a remote code execution vulnerability that was exploited in zero-day attacks targeting its Android devices. [...]

https://www.bleepingcomputer.com/news/security/samsung-patches-actively-exploited-zero-day-reported-by-whatsapp/

 Man gets over 4 years in prison for selling unreleased movies

A Tennessee court has sentenced a Memphis man who worked for a DVD and Blu-ray manufacturing and distribution company to 57 months in prison for stealing and selling digital copies of unreleased movies. [...]

https://www.bleepingcomputer.com/news/security/man-gets-over-4-years-in-prison-for-selling-unreleased-movies/

 The first three things you’ll want during a cyberattack

When cyberattacks hit, every second counts. Survival depends on three essentials: clarity to see what's happening, control to contain it, and a lifeline to recover fast. Learn from Acronis TRU how MSPs and IT teams can prepare now for the difference between recovery and catastrophe. [...]

https://www.bleepingcomputer.com/news/security/the-first-three-things-youll-want-during-a-cyberattack/

 Windows 11 23H2 Home and Pro reach end of support in 60 days

Microsoft has reminded customers today that devices running Home and Pro editions of Windows 11 23H2 will stop receiving updates in November. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-23h2-home-and-pro-reach-end-of-support-in-60-days/

 CISA warns of actively exploited Dassault RCE vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers exploiting a critical remote code execution flaw in DELMIA Apriso, a  manufacturing operations management (MOM) and execution (MES) solution from French company Dassault Systèmes. [...]

https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-dassault-rce-vulnerability/

 New HybridPetya ransomware can bypass UEFI Secure Boot

A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on the EFI System Partition. [...]

https://www.bleepingcomputer.com/news/security/new-hybridpetya-ransomware-can-bypass-uefi-secure-boot/

 'WhiteCobra' floods VSCode market with crypto-stealing extensions

A threat actor named WhiteCobra has targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. [...]

https://www.bleepingcomputer.com/news/security/whitecobra-floods-vscode-market-with-crypto-stealing-extensions/

 Microsoft reminds of Windows 10 support ending in 30 days

On Friday, Microsoft reminded customers once again that Windows 10 will reach its end of support in 30 days, on October 14. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-reminds-of-windows-10-support-ending-in-30-days/

 New VoidProxy phishing service targets Microsoft 365, Google accounts

A newly discovered phishing-as-a-service (PhaaS) platform, named VoidProxy, targets Microsoft 365 and Google accounts, including those protected by third-party single sign-on (SSO) providers such as Okta. [...]

https://www.bleepingcomputer.com/news/security/new-voidproxy-phishing-service-targets-microsoft-365-google-accounts/

 FBI warns of UNC6040, UNC6395 hackers stealing Salesforce data

The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations' Salesforce environments to steal data and extort victims. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-unc6040-unc6395-hackers-stealing-salesforce-data/

 Microsoft says Windows September updates break SMBv1 shares

​Microsoft has confirmed that the September 2025 Windows security updates are causing connection issues to Server Message Block (SMB) v1 shares. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-says-windows-september-updates-break-smbv1-shares/

 Microsoft fixes Windows 11 audio issues confirmed in December

Microsoft has removed a safeguard hold that prevented some users from upgrading their systems to Windows 11 24H2 due to compatibility issues that were causing Bluetooth headsets and speakers to malfunction. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-11-audio-issues-confirmed-in-december/

 Stop waiting on NVD — get real-time vulnerability alerts now

Vulnerabilities are discovered daily—but not every alert matters. SecAlerts pulls from 100+ sources for faster, real-time vuln alerts, filtering the noise so teams can patch quicker and stay secure. [...]

https://www.bleepingcomputer.com/news/security/stop-waiting-on-nvd-get-real-time-vulnerability-alerts-now/