Phishers abuse Google OAuth to spoof Google in DKIM replay attack

In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google's systems, passing all verifications but pointing to a fraudulent page that collected logins. [...]

https://www.bleepingcomputer.com/news/security/phishers-abuse-google-oauth-to-spoof-google-in-dkim-replay-attack/

 WordPress ad-fraud plugins generated 1.4 billion ad requests per day

A large-scale ad fraud operation called 'Scallywag' is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests. [...]

https://www.bleepingcomputer.com/news/security/scallywag-ad-fraud-operation-generated-14-billion-ad-requests-per-day/

 Microsoft Entra account lockouts caused by user token logging mishap

Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-entra-account-lockouts-caused-by-user-token-logging-mishap/

 Cookie-Bite attack PoC uses Chrome extension to steal session tokens

A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams. [...]

https://www.bleepingcomputer.com/news/security/cookie-bite-attack-poc-uses-chrome-extension-to-steal-session-tokens/

 Ripple’s recommended XRP library xrpl.js hacked to steal wallets

The recommended Ripple cryptocurrency NPM JavaScript library named "xrpl.js" was compromised to steal XRP wallet seeds and private keys and transfer them to an attacker-controlled server, allowing threat actors to steal all the funds stored in the wallets. [...]

https://www.bleepingcomputer.com/news/security/ripples-recommended-xrp-library-xrpljs-hacked-to-steal-wallets/

 SK Telecom warns customer USIM data exposed in malware attack

South Korea's largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related information for customers. [...]

https://www.bleepingcomputer.com/news/security/sk-telecom-warns-customer-usim-data-exposed-in-malware-attack/

 Windows 10 KB5055612 preview update fixes a GPU bug in WSL2

Microsoft has released the optional KB5055612 preview cumulative update for Windows 10 22H2 with two changes, including a fix for a GPU paravirtualization bug in Windows Subsystem for Linux 2 (WSL2). [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5055612-preview-update-fixes-a-gpu-bug-in-wsl2/

 Hackers abuse Zoom remote control feature for crypto-theft attacks

A hacking group dubbed 'Elusive Comet' targets cryptocurrency users in social engineering attacks that exploit Zoom's remote control feature to trick users into granting them access to their machines. [...]

https://www.bleepingcomputer.com/news/security/hackers-abuse-zoom-remote-control-feature-for-crypto-theft-attacks/

 Active! Mail RCE flaw exploited in attacks on Japanese orgs

An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan. [...]

https://www.bleepingcomputer.com/news/security/active-mail-rce-flaw-exploited-in-attacks-on-japanese-orgs/

 Marks & Spencer confirms a cyberattack as customers face delayed orders

Marks & Spencer (M&S) has disclosed that it is responding to a cyberattack over the past few days that has impacted operations, including its Click and Collect service. [...]

https://www.bleepingcomputer.com/news/security/marks-and-spencer-confirms-a-cyberattack-as-customers-face-delayed-orders/

 Microsoft fixes Windows Server 2025 blue screen, install issues

Microsoft has fixed several known issues that caused Blue Screen of Death (BSOD) and installation issues on Windows Server 2025 systems with a high core count. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-2025-blue-screen-and-install-issues/

 Microsoft fixes Remote Desktop freezes caused by Windows updates

​Microsoft has resolved a known issue causing Remote Desktop sessions to freeze on Windows Server 2025 and Windows 11 24H2 devices. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-remote-desktop-freezes-caused-by-windows-updates/

 Phishing detection is broken: Why most attacks feel like a zero day

Phishing attacks now evade email filters, proxies, and MFA — making every attack feel like a zero-day. This article from Push Security breaks down why detection is failing and how real-time, in-browser analysis can help turn the tide. [...]

https://www.bleepingcomputer.com/news/security/phishing-detection-is-broken-why-most-attacks-feel-like-a-zero-day/

 ASUS releases fix for AMI bug that lets hackers brick servers

ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers. [...]

https://www.bleepingcomputer.com/news/security/asus-releases-fix-for-ami-bug-that-lets-hackers-brick-servers/

 FBI: US lost record $16.6 billion to cybercrime in 2024

The FBI says cybercriminals have stolen a record $16,6 billion in 2024, marking an increase in losses of over 33% compared to the previous year. [...]

https://www.bleepingcomputer.com/news/security/fbi-us-lost-record-166-billion-to-cybercrime-in-2024/

 Blue Shield of California leaked health data of 4.7 million members to Google

Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google's analytics and advertisement platforms. [...]

https://www.bleepingcomputer.com/news/security/blue-shield-of-california-leaked-health-data-of-47-million-members-to-google/

 WhatsApp's new Advanced Chat Privacy protects sensitive messages

WhatsApp has introduced a new Advanced Chat Privacy feature to protect sensitive information exchanged in private chats and group conversations. [...]

https://www.bleepingcomputer.com/news/security/whatsapps-new-advanced-chat-privacy-protects-sensitive-messages/

 Russian army targeted by new Android malware hidden in mapping app

A new Android malware has been discovered hidden inside trojanized versions of the Alpine Quest mapping app, which is reportedly used by Russian soldiers as part of war zone operational planning. [...]

https://www.bleepingcomputer.com/news/security/russian-army-targeted-by-new-android-malware-hidden-in-mapping-app/

 Linux 'io_uring' security blindspot allows stealthy rootkit attacks

A significant security gap in Linux runtime security caused by the 'io_uring' interface allows rootkits to operate undetected on systems while bypassing advanced Enterprise security software. [...]

https://www.bleepingcomputer.com/news/security/linux-io-uring-security-blindspot-allows-stealthy-rootkit-attacks/

 Microsoft fixes bug causing incorrect 0x80070643 WinRE errors

Microsoft says it resolved a known issue causing erroneous 0x80070643 installation failure errors when deploying the April 2025 Windows Recovery Environment (WinRE) updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-causing-incorrect-0x80070643-winre-errors/