Fake 'Inflation Refund' texts target New Yorkers in new scam

An ongoing smishing campaign is targeting New Yorkers with text messages posing as the Department of Taxation and Finance, claiming to offer "Inflation Refunds" in an attempt to steal victims' personal and financial data. [...]

https://www.bleepingcomputer.com/news/security/fake-inflation-refund-texts-target-new-yorkers-in-new-scam/

 Harvard investigating breach linked to Oracle zero-day exploit

Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site, saying the alleged breach was likely caused by a recently disclosed zero-day vulnerability in Oracle's E-Business Suite servers. [...]

https://www.bleepingcomputer.com/news/security/harvard-investigating-breach-linked-to-oracle-zero-day-exploit/

 Microsoft: Windows 11 Media Creation Tool broken on Windows 10 PCs

Microsoft says the latest version of the Windows 11 Media Creation Tool (MCT) no longer works correctly on Windows 10 22H2 computers. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-media-creation-tool-broken-on-windows-10-pcs/

 Meet Varonis Interceptor: AI-Native Email Security

AI-generated phishing and social engineering attacks outpace traditional email defenses. Varonis' new Interceptor platform uses multimodal AI — vision, language, and behavior models — to detect zero-hour attacks and stop them before they reach users. [...]

https://www.bleepingcomputer.com/news/security/meet-varonis-interceptor-ai-native-email-security/

 Oracle releases emergency patch for new E-Business Suite flaw

Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited remotely by unauthenticated attackers. [...]

https://www.bleepingcomputer.com/news/security/oracle-releases-emergency-patch-for-new-e-business-suite-flaw/

 Microsoft investigates outage affecting Microsoft 365 apps

Microsoft is investigating an ongoing incident that is preventing some customers from accessing Microsoft 365 applications. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-outage-affecting-microsoft-365-apps/

 SonicWall VPN accounts breached using stolen creds in widespread attacks

Researchers warn that threat actors have compromised more than a hundred SonicWall SSLVPN accounts in a large-scale campaign using stolen, valid credentials. [...]

https://www.bleepingcomputer.com/news/security/sonicwall-vpn-accounts-breached-using-stolen-creds-in-widespread-attacks/

 Massive multi-country botnet targets RDP services in the US

A large-scale botnet is targeting Remote Desktop Protocol (RDP) services in the United States from more than 100,000 IP addresses. [...]

https://www.bleepingcomputer.com/news/security/massive-multi-country-botnet-targets-rdp-services-in-the-us/

 SimonMed says 1.2 million patients impacted in January data breach

U.S. medical imaging provider SimonMed Imaging is notifying more than 1.2 million individuals of a data breach that exposed their sensitive information. [...]

https://www.bleepingcomputer.com/news/security/simonmed-says-12-million-patients-impacted-in-january-data-breach/

 Microsoft restricts IE mode access in Edge after zero-day attacks

Microsoft is restricting access to Internet Explorer mode in Edge browser after learning that hackers are leveraging zero-day exploits in the Chakra JavaScript engine for access to target devices. [...]

https://www.bleepingcomputer.com/news/security/microsoft-restricts-ie-mode-access-in-edge-after-zero-day-attacks/

 Chinese hackers abuse geo-mapping tool for year-long persistence

Chinese state hackers remained undetected in a target environment for more than a year by turning a component in the ArcGIS geo-mapping tool into a web shell. [...]

https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-geo-mapping-tool-for-year-long-persistence/

 Secure Boot bypass risk on nearly 200,000 Linux Framework sytems

Around 200,000 Linux computer systems from American computer maker Framework were shipped with signed UEFI shell components that could be exploited to bypass Secure Boot protections. [...]

https://www.bleepingcomputer.com/news/security/secure-boot-bypass-risk-on-nearly-200-000-linux-framework-sytems/

 When AI Agents Join the Teams: The Hidden Security Shifts No One Expects

AI assistants are no longer just helping — they're acting. Autonomous agents now open tickets, fix incidents, and make decisions faster than humans can monitor. As "Shadow AI" spreads, learn from Token Security why orgs must govern these agents like powerful new identities before oversight disappears. [...]

https://www.bleepingcomputer.com/news/security/when-ai-agents-join-the-teams-the-hidden-security-shifts-no-one-expects/

 Security firms debate CVE credit in overlapping vulnerability reports

FuzzingLabs has accused the YCombinator-backed startup, Gecko Security, of replicating its vulnerability disclosures. Gecko allegedly filed for 2 CVEs based on FuzzingLabs' reports without crediting them. Gecko denies any wrongdoing, calling the allegations a misunderstanding over disclosure process. [...]

https://www.bleepingcomputer.com/news/security/security-firms-debate-cve-credit-in-overlapping-vulnerability-reports/

 Microsoft warns that Windows 10 reaches end of support today

Microsoft has reminded customers today that Windows 10 has reached the end of support and will no longer receive patches for newly discovered security vulnerabilities. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-that-windows-10-reaches-end-of-support-today/

 Oracles silently fixes zero-day exploit leaked by ShinyHunters

Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. [...]

https://www.bleepingcomputer.com/news/security/oracles-silently-fixes-zero-day-exploit-leaked-by-shinyhunters/

 US seizes $15 billion in crypto from 'pig butchering' kingpin

The U.S. Department of Justice has seized $15 billion in bitcoin from the leader of Prince Group, a criminal organization that stole billions of dollars from victims in the United States through cryptocurrency investment scams, also known as romance baiting or pig butchering. [...]

https://www.bleepingcomputer.com/news/security/us-seizes-15-billion-in-crypto-from-pig-butchering-kingpin/

 Windows 11 KB5066835 and KB5066793 updates released

Microsoft has released Windows 11 KB5066835 and KB5066793 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities and issues. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5066835-and-kb5066793-updates-released/

 Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws

Today is Microsoft's October 2025 Patch Tuesday, which includes security updates for 172 flaws, including six zero-day vulnerabilities. Get patching! [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2025-patch-tuesday-fixes-6-zero-days-172-flaws/

 Microsoft: Exchange 2016 and 2019 have reached end of support

Microsoft has reminded that Exchange Server 2016 and 2019 reached the end of support and advised IT administrators to upgrade servers to Exchange Server SE or migrate to Exchange Online. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-have-reached-end-of-support/

 New Android Pixnapping attack steals MFA codes pixel-by-pixel

A new side-channel attack called Pixnapping enables a malicious Android app with no permissions to extract sensitive data by stealing pixels displayed by applications or websites, and reconstructing them to derive the content. [...]

https://www.bleepingcomputer.com/news/security/new-android-pixnapping-attack-steals-mfa-codes-pixel-by-pixel/