SonicWall releases SMA100 firmware update to wipe rootkit malware

SonicWall has released a firmware update that can help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices. [...]

https://www.bleepingcomputer.com/news/security/sonicwall-releases-sma100-firmware-update-to-wipe-rootkit-malware/

 SolarWinds releases third patch to fix Web Help Desk RCE bug

SolarWinds has released a hotfix for a critical a critical vulnerability in Web Help Desk that allows remote code execution (RCE) without authentication. [...]

https://www.bleepingcomputer.com/news/security/solarwinds-releases-third-patch-to-fix-web-help-desk-rce-bug/

 5 ways to streamline Identity Governance with this free tool

Identity Governance doesn't have to be complex or costly. tenfold's free Community Edition helps orgs (up to 150 users) streamline onboarding, access reviews & M365 permissions — all with a no-code IGA platform. [...]

https://www.bleepingcomputer.com/news/security/5-ways-to-streamline-identity-governance-with-this-free-tool/

 Police dismantles crypto fraud ring linked to €100 million in losses

Law enforcement authorities in Europe have arrested five suspects linked to a cryptocurrency investment fraud ring that stole over €100 million ($118 million) from more than 100 victims. [...]

https://www.bleepingcomputer.com/news/security/police-dismantles-crypto-fraud-ring-linked-to-100-million-in-losses/

 CISA says hackers breached federal agency using GeoServer exploit

CISA has revealed that attackers breached the network of an unnamed U.S. federal civilian executive branch (FCEB) agency last year after compromising an unpatched GeoServer instance. [...]

https://www.bleepingcomputer.com/news/security/cisa-says-hackers-breached-federal-agency-using-geoserver-exploit/

 Cloudflare mitigates new record-breaking 22.2 Tbps DDoS attack

Cloudflare has mitigated a distributed denial-of-service (DDoS) attack that peaked at a record-breaking 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps). [...]

https://www.bleepingcomputer.com/news/security/cloudflare-mitigates-new-record-breaking-222-tbps-ddos-attack/

 WhatsApp adds message translation to iPhone and Android apps

WhatsApp has started rolling out a new translation feature that enables Android and iPhone users to translate messages in chats, groups, and channel updates. [...]

https://www.bleepingcomputer.com/news/security/whatsapp-adds-message-translation-to-iphone-and-android-apps/

 Libraesva ESG issues emergency fix for bug exploited by state hackers

Libraesva rolled out an emergency update for its Email Security Gateway solution to fix a vulnerability exploited by threat actors believed to be state sponsored. [...]

https://www.bleepingcomputer.com/news/security/libraesva-esg-issues-emergency-fix-for-bug-exploited-by-state-hackers/

 Boyd Gaming discloses data breach after suffering a cyberattack

US gaming and casino operator Boyd Gaming Corporation disclosed it suffered a breach after threat actors gained access to its systems and stole data, including employee information and data belonging to a limited number of other individuals. [...]

https://www.bleepingcomputer.com/news/security/boyd-gaming-discloses-data-breach-after-suffering-a-cyberattack/

 GitHub notifications abused to impersonate Y Combinator for crypto theft

A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026 program. [...]

https://www.bleepingcomputer.com/news/security/github-notifications-abused-to-impersonate-y-combinator-for-crypto-theft/

 PyPI urges users to reset credentials after new phishing attacks

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. [...]

https://www.bleepingcomputer.com/news/security/pypi-urges-users-to-reset-credentials-after-new-phishing-attacks/

 UK arrests suspect for RTX ransomware attack causing airport disruptions

The UK's National Crime Agency has arrested a suspect linked to a ransomware attack that is causing widespread disruptions across European airports. [...]

https://www.bleepingcomputer.com/news/security/uk-arrests-suspect-for-rtx-ransomware-attack-causing-airport-disruptions/

 Google: Brickstone malware used to steal U.S. orgs' data for over a year

Suspected Chinese hackers have used the Brickstorm malware in long-term persistence espionage operations against U.S. organizations in the technology and legal sectors. [...]

https://www.bleepingcomputer.com/news/security/google-brickstone-malware-used-to-steal-us-orgs-data-for-over-a-year/

 Obscura, an obscure new ransomware variant

Huntress analysts discovered a previously unseen ransomware variant, Obscura, spreading from a victim company's domain controller. Learn how Obscura works—and what it means for defenders—in this week's Tradecraft Tuesday. [...]

https://www.bleepingcomputer.com/news/security/obscura-an-obscure-new-ransomware-variant/

 Police seizes $439 million stolen by cybercrime rings worldwide

In a five-month joint operation led by Interpol, law enforcement agencies have seized more than $439 million in cash and cryptocurrency linked to cyber-enabled financial crimes that impacted thousands of victims worldwide. [...]

https://www.bleepingcomputer.com/news/security/police-seizes-439-million-stolen-by-cybercrime-rings-worldwide/

 Unpatched flaw in OnePlus phones lets rogue apps text messages

A vulnerability in multiple OnePlus OxygenOS versions allows any installed app to access SMS data and metadata without requiring permission or user interaction. [...]

https://www.bleepingcomputer.com/news/security/unpatched-flaw-in-oneplus-phones-lets-rogue-apps-text-messages/

 Cisco warns of IOS zero-day vulnerability exploited in attacks

Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco IOS and IOS XE Software that is currently being exploited in attacks. [...]

https://www.bleepingcomputer.com/news/security/cisco-warns-of-ios-zero-day-vulnerability-exploited-in-attacks/

 Kali Linux 2025.3 released with 10 new tools, wifi enhancements

Kali Linux has released version 2025.3, the third version of 2025, featuring ten new tools, Nexmon support, and NetHunter improvements. [...]

https://www.bleepingcomputer.com/news/security/kali-linux-20253-released-with-10-new-tools-wifi-enhancements/

 OpenAI is testing a new GPT-5-based AI agent "GPT-Alpha"

OpenAI is internally testing a new version of its AI agent, which uses a special version of GPT-5 dubbed "GPT-Alpha." [...]

https://www.bleepingcomputer.com/news/artificial-intelligence/openai-is-testing-a-new-gpt-5-based-ai-agent-gpt-alpha/

 New Supermicro BMC flaws can create persistent backdoors

Two vulnerabilities affecting the firmware of Supermicro hardware, including Baseboard Management Controller (BMC) allow attackers to update systems with maliciously crafted images. [...]

https://www.bleepingcomputer.com/news/security/new-supermicro-bmc-flaws-can-create-persistent-backdoors/