Boyd Gaming discloses data breach after suffering a cyberattack

US gaming and casino operator Boyd Gaming Corporation disclosed it suffered a breach after threat actors gained access to its systems and stole data, including employee information and data belonging to a limited number of other individuals. [...]

https://www.bleepingcomputer.com/news/security/boyd-gaming-discloses-data-breach-after-suffering-a-cyberattack/

 GitHub notifications abused to impersonate Y Combinator for crypto theft

A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026 program. [...]

https://www.bleepingcomputer.com/news/security/github-notifications-abused-to-impersonate-y-combinator-for-crypto-theft/

 PyPI urges users to reset credentials after new phishing attacks

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. [...]

https://www.bleepingcomputer.com/news/security/pypi-urges-users-to-reset-credentials-after-new-phishing-attacks/

 UK arrests suspect for RTX ransomware attack causing airport disruptions

The UK's National Crime Agency has arrested a suspect linked to a ransomware attack that is causing widespread disruptions across European airports. [...]

https://www.bleepingcomputer.com/news/security/uk-arrests-suspect-for-rtx-ransomware-attack-causing-airport-disruptions/

 Google: Brickstone malware used to steal U.S. orgs' data for over a year

Suspected Chinese hackers have used the Brickstorm malware in long-term persistence espionage operations against U.S. organizations in the technology and legal sectors. [...]

https://www.bleepingcomputer.com/news/security/google-brickstone-malware-used-to-steal-us-orgs-data-for-over-a-year/

 Obscura, an obscure new ransomware variant

Huntress analysts discovered a previously unseen ransomware variant, Obscura, spreading from a victim company's domain controller. Learn how Obscura works—and what it means for defenders—in this week's Tradecraft Tuesday. [...]

https://www.bleepingcomputer.com/news/security/obscura-an-obscure-new-ransomware-variant/

 Police seizes $439 million stolen by cybercrime rings worldwide

In a five-month joint operation led by Interpol, law enforcement agencies have seized more than $439 million in cash and cryptocurrency linked to cyber-enabled financial crimes that impacted thousands of victims worldwide. [...]

https://www.bleepingcomputer.com/news/security/police-seizes-439-million-stolen-by-cybercrime-rings-worldwide/

 Unpatched flaw in OnePlus phones lets rogue apps text messages

A vulnerability in multiple OnePlus OxygenOS versions allows any installed app to access SMS data and metadata without requiring permission or user interaction. [...]

https://www.bleepingcomputer.com/news/security/unpatched-flaw-in-oneplus-phones-lets-rogue-apps-text-messages/

 Cisco warns of IOS zero-day vulnerability exploited in attacks

Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco IOS and IOS XE Software that is currently being exploited in attacks. [...]

https://www.bleepingcomputer.com/news/security/cisco-warns-of-ios-zero-day-vulnerability-exploited-in-attacks/

 Kali Linux 2025.3 released with 10 new tools, wifi enhancements

Kali Linux has released version 2025.3, the third version of 2025, featuring ten new tools, Nexmon support, and NetHunter improvements. [...]

https://www.bleepingcomputer.com/news/security/kali-linux-20253-released-with-10-new-tools-wifi-enhancements/

 OpenAI is testing a new GPT-5-based AI agent "GPT-Alpha"

OpenAI is internally testing a new version of its AI agent, which uses a special version of GPT-5 dubbed "GPT-Alpha." [...]

https://www.bleepingcomputer.com/news/artificial-intelligence/openai-is-testing-a-new-gpt-5-based-ai-agent-gpt-alpha/

 New Supermicro BMC flaws can create persistent backdoors

Two vulnerabilities affecting the firmware of Supermicro hardware, including Baseboard Management Controller (BMC) allow attackers to update systems with maliciously crafted images. [...]

https://www.bleepingcomputer.com/news/security/new-supermicro-bmc-flaws-can-create-persistent-backdoors/

 Microsoft will offer free Windows 10 security updates in Europe

Microsoft will offer free extended security updates for Windows 10 users in the European Economic Area (EEA), which includes Iceland, Liechtenstein, Norway, and all 27 European Union member states. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-will-offer-free-windows-10-security-updates-in-europe/

 Teen suspected of Vegas casino cyberattacks released to parents

A 17-year-old hacker who surrendered to face charges over cyberattacks targeting Vegas casinos in 2023 has been released into the custody of his parents, a family court judge ruled. [...]

https://www.bleepingcomputer.com/news/security/teen-suspected-of-vegas-casino-cyberattacks-released-to-parents/

 How secure are passkeys, really? Here's what you need to know

Passwords are weak links—88% of breaches involve stolen creds. Learn more from Specops Software about how passkeys deliver phishing resistance, simpler logins & lower support costs (with some hurdles to adoption). [...]

https://www.bleepingcomputer.com/news/security/how-secure-are-passkeys-really-heres-what-you-need-to-know/

 Malicious Rust packages on Crates.io steal crypto wallet keys

Two malicious packages with nearly 8,500 downloads in Rust's official crate repository scanned developers' systems to steal cryptocurrency private keys and other secrets. [...]

https://www.bleepingcomputer.com/news/security/malicious-rust-packages-on-cratesio-steal-crypto-wallet-keys/

 Amazon pays $2.5 billion to settle Prime memberships lawsuit

Amazon will pay $2.5 billion to settle claims by the U.S. Federal Trade Commission (FTC) that it used dark patterns to trick millions of users into enrolling in its Prime program and made it as difficult as possible to cancel the recurring subscriptions. [...]

https://www.bleepingcomputer.com/news/technology/amazon-pays-25-billion-to-settle-prime-memberships-lawsuit/

 Cisco warns of ASA firewall zero-days exploited in attacks

Cisco warned customers today to patch two zero-day vulnerabilities that are actively being exploited in attacks and impact the company's firewall software. [...]

https://www.bleepingcomputer.com/news/security/cisco-warns-of-asa-firewall-zero-days-exploited-in-attacks/

 CISA orders agencies to patch Cisco flaws exploited in zero-day attacks

CISA has issued a new emergency directive ordering U.S. federal agencies to secure their Cisco firewall devices against two flaws that have been exploited in zero-day attacks. [...]

https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-cisco-flaws-exploited-in-zero-day-attacks/

 Co-op says it lost $107 million after Scattered Spider attack

The Co-operative Group in the U.K. released its interim financial results report for the first half of 2025 with a massive loss in operating profit of £80 million ($107 million) due to the cyberattack it suffered last April. [...]

https://www.bleepingcomputer.com/news/security/co-op-says-it-lost-107-million-after-scattered-spider-attack/

 Unofficial Postmark MCP npm silently stole users' emails

A npm package copying the official 'postmark-mcp' project on GitHub turned bad with the latest update that added a single line of code to exfiltrate all its users' email communication. [...]

https://www.bleepingcomputer.com/news/security/unofficial-postmark-mcp-npm-silently-stole-users-emails/