Spike in Fortinet VPN brute-force attacks raises zero-day concerns

A massive spike in brute-force attacks targeted Fortinet SSL VPNs earlier this month, followed by a switch to FortiManager, marked a deliberate shift in targeting that has historically preceded new vulnerability disclosures. [...]

https://www.bleepingcomputer.com/news/security/spike-in-fortinet-vpn-brute-force-attacks-raises-zero-day-concerns/

 New downgrade attack can bypass FIDO auth in Microsoft Entra ID

Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking. [...]

https://www.bleepingcomputer.com/news/security/new-downgrade-attack-can-bypass-fido-auth-in-microsoft-entra-id/

 Windows 11 24H2 updates failing again with 0x80240069 errors

The KB5063878 Windows 11 24H2 cumulative update, released earlier this week, fails to install on some systems according to widespread reports from Windows administrators. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-24h2-updates-failing-again-with-0x80240069-errors/

 Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild

Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates. [...]

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-fortisiem-pre-auth-rce-flaw-with-exploit-in-the-wild/

 OpenAI relaxes GPT-5 rate limit, promises to improve the personality

OpenAI is slowly addressing all concerns around GPT-5, including rate limits and now its personality, which has been criticized for being less affirmative. [...]

https://www.bleepingcomputer.com/news/artificial-intelligence/openai-relaxes-gpt-5-rate-limit-promises-to-improve-the-personality/

 Google Gemini's Deep Research is finally coming to API

Google Gemini's one of the most powerful features is Deep Research, but up until now, it has been strictly limited to the Gemini interface. This could change soon. [...]

https://www.bleepingcomputer.com/news/artificial-intelligence/google-geminis-deep-research-is-finally-coming-to-api/

 Microsoft fixes Windows 11 24H2 updates failing with 0x80240069 error

Microsoft has resolved a known issue preventing the August 2025 Windows 11 24H2 cumulative update from being delivered via Windows Server Update Services (WSUS). [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-11-24h2-updates-failing-with-0x80240069-error/

 CISA warns of N-able N-central flaws exploited in zero-day attacks

​CISA warned on Wednesday that attackers are actively exploiting two security vulnerabilities in N‑able's N-central remote monitoring and management (RMM) platform. [...]

https://www.bleepingcomputer.com/news/security/cisa-warns-of-n-able-n-central-flaws-exploited-in-zero-day-attacks/

 Leak: OpenAI's browser will use ChatGPT Agent to control the browser

OpenAI is building an agentic future with its upcoming Chromium-based browser and a new leak confirms GPT Agent integration. [...]

https://www.bleepingcomputer.com/news/artificial-intelligence/leak-openais-browser-will-use-chatgpt-agent-to-control-the-browser/

 Canada’s House of Commons investigating data breach after cyberattack

The House of Commons of Canada is currently investigating a data breach after a threat actor reportedly stole employee information in a cyberattack on Friday. [...]

https://www.bleepingcomputer.com/news/security/canadas-house-of-commons-investigating-data-breach-after-cyberattack/

 When Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers

Ransomware and infostealers are winning on stealth, not encryption. Picus Blue Report 2025 reveals just 3% of data exfiltration attempts are stopped. Find and fix your biggest exposure gaps before they're exploited. [...]

https://www.bleepingcomputer.com/news/security/when-theft-replaces-encryption-blue-report-2025-on-ransomware-and-infostealers/

 Booking.com phishing campaign uses sneaky 'ん' character to trick you

Threat actors are leveraging a Unicode character to make phishing links appear like legitimate Booking.com links in a new campaign distributing malware. The attack makes use of the Japanese hiragana character, ん, which can, on some systems, appear as a forward slash and make a phishing URL appear realistic to a person at first. [...]

https://www.bleepingcomputer.com/news/security/bookingcom-phishing-campaign-uses-sneaky-character-to-trick-you/

 Microsoft fixes Windows Server bug causing cluster, VM issues

Microsoft has resolved a known issue that triggers Cluster service and VM restart issues after installing July's Windows Server 2019 security updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-bug-causing-cluster-vm-issues/

 Pro-Russian hackers blamed for water dam sabotage in Norway

The Norwegian Police Security Service (PST) says that pro-Russian hackers took control of critical operation systems at a dam and opened outflow valves. [...]

https://www.bleepingcomputer.com/news/security/pro-russian-hackers-blamed-for-water-dam-sabotage-in-norway/

 Crypto24 ransomware hits large orgs with custom EDR evasion tool

The Crypto24 ransomware group has been using custom utilities to evade security solutions on breached networks, exfiltrate data, and encrypt files. [...]

https://www.bleepingcomputer.com/news/security/crypto24-ransomware-hits-large-orgs-with-custom-edr-evasion-tool/

 Over $300 million in cybercrime crypto seized in anti-fraud effort

More than $300 million worth of cryptocurrency linked to cybercrime and fraud schemes has been frozen due to two separate initiatives involving law enforcement and private companies. [...]

https://www.bleepingcomputer.com/news/security/over-300-million-in-cybercrime-crypto-seized-in-anti-fraud-effort/

 US sanctions Grinex crypto-exchange, successor to Garantex

The U.S. Department of the Treasury has announced sanctions against Grinex, the successor to Russian cryptocurrency exchange Garantex, which was previously sanctioned for helping ransomware gangs launder their money. [...]

https://www.bleepingcomputer.com/news/security/us-sanctions-grinex-crypto-exchange-garantexs-successor/

 Plex warns users to patch security vulnerability immediately

Plex has notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability. [...]

https://www.bleepingcomputer.com/news/security/plex-warns-users-to-patch-security-vulnerability-immediately/

 Microsoft reminds of Windows 10 support ending in two months

Microsoft has reminded customers that Windows 10 will be retired in two months after all editions of Windows 10, version 22H2 reach their end of servicing on October 14. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-reminds-users-of-windows-10-retirement-in-october/

 Cisco warns of max severity flaw in Firewall Management Center

Cisco is warning about a critical remote code execution (RCE) vulnerability in the RADIUS subsystem of its Secure Firewall Management Center (FMC) software. [...]

https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-flaw-in-firewall-management-center/