US disrupts SocksEscort proxy network powered by Linux malware
Law enforcement agencies in the U.S. and Europe along with private partners have disrupted the SocksEscort cybercrime proxy network that used only edge devices compromised via the AVRecon malware for Linux. [...]
https://www.bleepingcomputer.com/news/security/us-disrupts-socksescort-proxy-network-powered-by-linux-malware/
Law enforcement agencies in the U.S. and Europe along with private partners have disrupted the SocksEscort cybercrime proxy network that used only edge devices compromised via the AVRecon malware for Linux. [...]
https://www.bleepingcomputer.com/news/security/us-disrupts-socksescort-proxy-network-powered-by-linux-malware/
BleepingComputer
US disrupts SocksEscort proxy network powered by Linux malware
Law enforcement agencies in the U.S. and Europe along with private partners have disrupted the SocksEscort cybercrime proxy network that used only edge devices compromised via the AVRecon malware for Linux.
Google paid $17.1 million for vulnerability reports in 2025
Google paid over $17 million to 747 security researchers who reported security bugs through its Vulnerability Reward Program (VRP) in 2025. [...]
https://www.bleepingcomputer.com/news/google/google-paid-171-million-for-vulnerability-reports-in-2025/
Google paid over $17 million to 747 security researchers who reported security bugs through its Vulnerability Reward Program (VRP) in 2025. [...]
https://www.bleepingcomputer.com/news/google/google-paid-171-million-for-vulnerability-reports-in-2025/
BleepingComputer
Google paid $17.1 million for vulnerability reports in 2025
Google paid over $17 million to 747 security researchers who reported security bugs through its Vulnerability Reward Program (VRP) in 2025.
Telus Digital confirms breach after hacker claims 1 petabyte data theft
Canadian business process outsourcing giant Telus Digital has confirmed it suffered a security incident after threat actors claimed to have stolen nearly 1 petabyte of data from the company in a multi-month breach. [...]
https://www.bleepingcomputer.com/news/security/telus-digital-confirms-breach-after-hacker-claims-1-petabyte-data-theft/
Canadian business process outsourcing giant Telus Digital has confirmed it suffered a security incident after threat actors claimed to have stolen nearly 1 petabyte of data from the company in a multi-month breach. [...]
https://www.bleepingcomputer.com/news/security/telus-digital-confirms-breach-after-hacker-claims-1-petabyte-data-theft/
BleepingComputer
Telus Digital confirms breach after hacker claims 1 petabyte data theft
Canadian business process outsourcing giant Telus Digital has confirmed it suffered a security incident after threat actors claimed to have stolen nearly 1 petabyte of data from the company in a multi-month breach.
Going the Extra Mile: Travel Rewards Turn into Underground Currency.
Stolen airline miles are converted into flights and hotel stays, then resold as discounted travel. Flare shows how cybercriminals and underground markets treat loyalty accounts like tradable currency. [...]
https://www.bleepingcomputer.com/news/security/going-the-extra-mile-travel-rewards-turn-into-underground-currency/
Stolen airline miles are converted into flights and hotel stays, then resold as discounted travel. Flare shows how cybercriminals and underground markets treat loyalty accounts like tradable currency. [...]
https://www.bleepingcomputer.com/news/security/going-the-extra-mile-travel-rewards-turn-into-underground-currency/
BleepingComputer
Going the Extra Mile: Travel Rewards Turn into Underground Currency.
Stolen airline miles are converted into flights and hotel stays, then resold as discounted travel. Flare shows how cybercriminals and underground markets treat loyalty accounts like tradable currency.
Apple patches older iPhones and iPads against Coruna exploits
Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. [...]
https://www.bleepingcomputer.com/news/apple/apple-patches-older-iphones-and-ipads-against-coruna-exploits/
Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. [...]
https://www.bleepingcomputer.com/news/apple/apple-patches-older-iphones-and-ipads-against-coruna-exploits/
BleepingComputer
Apple patches older iPhones and iPads against Coruna exploits
Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit.
US charges another ransomware negotiator linked to BlackCat attacks
The U.S. Department of Justice charged another former DigitalMint employee for his involvement in an insider scheme in which ransomware negotiators secretly partnered with the BlackCat (ALPHV) ransomware operation. [...]
https://www.bleepingcomputer.com/news/security/us-charges-another-ransomware-negotiator-linked-to-blackcat-attacks/
The U.S. Department of Justice charged another former DigitalMint employee for his involvement in an insider scheme in which ransomware negotiators secretly partnered with the BlackCat (ALPHV) ransomware operation. [...]
https://www.bleepingcomputer.com/news/security/us-charges-another-ransomware-negotiator-linked-to-blackcat-attacks/
BleepingComputer
US charges another ransomware negotiator linked to BlackCat attacks
The U.S. Department of Justice charged another former DigitalMint employee for his involvement in an insider scheme in which ransomware negotiators secretly partnered with the BlackCat (ALPHV) ransomware operation.
Apple Updates Legacy iOS Versions to Patch Coruna Exploits
The company has released iOS and iPadOS versions 16.7.15 and 15.8.7 to patch the vulnerabilities.
The post Apple Updates Legacy iOS Versions to Patch Coruna Exploits appeared first on SecurityWeek.
https://www.securityweek.com/apple-updates-older-ios-versions-to-patch-coruna-exploits/
The company has released iOS and iPadOS versions 16.7.15 and 15.8.7 to patch the vulnerabilities.
The post Apple Updates Legacy iOS Versions to Patch Coruna Exploits appeared first on SecurityWeek.
https://www.securityweek.com/apple-updates-older-ios-versions-to-patch-coruna-exploits/
SecurityWeek
Apple Updates Legacy iOS Versions to Patch Coruna Exploits
The company has released iOS and iPadOS versions 16.7.15 and 15.8.7 to patch the vulnerabilities.
Meta Launches New Protection Tools as It Helps Disrupt Scam Centers
The social media giant has disabled more than 150,000 accounts powering scam centers in Asia.
The post Meta Launches New Protection Tools as It Helps Disrupt Scam Centers appeared first on SecurityWeek.
https://www.securityweek.com/meta-launches-new-protection-tools-as-it-helps-disrupt-scam-centers/
The social media giant has disabled more than 150,000 accounts powering scam centers in Asia.
The post Meta Launches New Protection Tools as It Helps Disrupt Scam Centers appeared first on SecurityWeek.
https://www.securityweek.com/meta-launches-new-protection-tools-as-it-helps-disrupt-scam-centers/
SecurityWeek
Meta Launches New Protection Tools as It Helps Disrupt Scam Centers
The social media giant has disabled more than 150,000 accounts powering scam centers in Asia.
Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks
The issue allows attackers to inject SQL queries and extract sensitive information from the database.
The post Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks appeared first on SecurityWeek.
https://www.securityweek.com/ally-wordpress-plugin-flaw-exposes-over-200000-websites-to-attacks/
The issue allows attackers to inject SQL queries and extract sensitive information from the database.
The post Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks appeared first on SecurityWeek.
https://www.securityweek.com/ally-wordpress-plugin-flaw-exposes-over-200000-websites-to-attacks/
SecurityWeek
Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks
The issue allows attackers to inject SQL queries and extract sensitive information from the database.
The Human IOC: Why Security Professionals Struggle with Social Vetting
Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team.
The post The Human IOC: Why Security Professionals Struggle with Social Vetting appeared first on SecurityWeek.
https://www.securityweek.com/the-human-ioc-why-security-professionals-struggle-with-social-vetting/
Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team.
The post The Human IOC: Why Security Professionals Struggle with Social Vetting appeared first on SecurityWeek.
https://www.securityweek.com/the-human-ioc-why-security-professionals-struggle-with-social-vetting/
SecurityWeek
The Human IOC: Why Security Professionals Struggle with Social Vetting
Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team.
Splunk, Zoom Patch Severe Vulnerabilities
Critical- and high-severity flaws could be exploited to execute arbitrary shell commands or elevate privileges.
The post Splunk, Zoom Patch Severe Vulnerabilities appeared first on SecurityWeek.
https://www.securityweek.com/splunk-zoom-patch-severe-vulnerabilities/
Critical- and high-severity flaws could be exploited to execute arbitrary shell commands or elevate privileges.
The post Splunk, Zoom Patch Severe Vulnerabilities appeared first on SecurityWeek.
https://www.securityweek.com/splunk-zoom-patch-severe-vulnerabilities/
SecurityWeek
Splunk, Zoom Patch Severe Vulnerabilities
Critical- and high-severity flaws could be exploited to execute arbitrary shell commands or elevate privileges.
Cisco Patches High-Severity IOS XR Vulnerabilities
The security defects could lead to denial-of-service (DoS) conditions, command execution, or device takeover.
The post Cisco Patches High-Severity IOS XR Vulnerabilities appeared first on SecurityWeek.
https://www.securityweek.com/cisco-patches-high-severity-ios-xr-vulnerabilities-2/
The security defects could lead to denial-of-service (DoS) conditions, command execution, or device takeover.
The post Cisco Patches High-Severity IOS XR Vulnerabilities appeared first on SecurityWeek.
https://www.securityweek.com/cisco-patches-high-severity-ios-xr-vulnerabilities-2/
SecurityWeek
Cisco Patches High-Severity IOS XR Vulnerabilities
The security defects could lead to denial-of-service (DoS) conditions, command execution, or device takeover.
Critical N8n Vulnerabilities Allowed Server Takeover
The bugs allowed unauthenticated attackers to execute arbitrary code, steal credentials, and take over servers.
The post Critical N8n Vulnerabilities Allowed Server Takeover appeared first on SecurityWeek.
https://www.securityweek.com/critical-n8n-vulnerabilities-allowed-server-takeover/
The bugs allowed unauthenticated attackers to execute arbitrary code, steal credentials, and take over servers.
The post Critical N8n Vulnerabilities Allowed Server Takeover appeared first on SecurityWeek.
https://www.securityweek.com/critical-n8n-vulnerabilities-allowed-server-takeover/
SecurityWeek
Critical N8n Vulnerabilities Allowed Server Takeover
The bugs allowed unauthenticated attackers to execute arbitrary code, steal credentials, and take over servers.
Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea
The 2024 incident was initially linked to China, but an infostealer infection has now revealed North Korean involvement.
The post Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea appeared first on SecurityWeek.
https://www.securityweek.com/polyfill-supply-chain-attack-impacting-100k-sites-linked-to-north-korea/
The 2024 incident was initially linked to China, but an infostealer infection has now revealed North Korean involvement.
The post Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea appeared first on SecurityWeek.
https://www.securityweek.com/polyfill-supply-chain-attack-impacting-100k-sites-linked-to-north-korea/
SecurityWeek
Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea
The 2024 incident was initially linked to China, but an infostealer infection has now revealed North Korean involvement.
Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft
Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This post reviews TTPs, IOCs, and mitigation guidance.
The post Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/03/12/storm-2561-uses-seo-poisoning-to-distribute-fake-vpn-clients-for-credential-theft/
Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This post reviews TTPs, IOCs, and mitigation guidance.
The post Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/03/12/storm-2561-uses-seo-poisoning-to-distribute-fake-vpn-clients-for-credential-theft/
Microsoft News
Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft
Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This post reviews TTPs, IOCs, and mitigation guidance.
❤1
From transparency to action: What the latest Microsoft email security benchmark reveals
The latest Microsoft benchmarking data reveals how Microsoft Defender mitigates modern email threats compared to SEG and ICES vendors.
The post From transparency to action: What the latest Microsoft email security benchmark reveals appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/03/12/from-transparency-to-action-what-the-latest-microsoft-email-security-benchmark-reveals/
The latest Microsoft benchmarking data reveals how Microsoft Defender mitigates modern email threats compared to SEG and ICES vendors.
The post From transparency to action: What the latest Microsoft email security benchmark reveals appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/03/12/from-transparency-to-action-what-the-latest-microsoft-email-security-benchmark-reveals/
Microsoft News
From transparency to action: What the latest Microsoft email security benchmark reveals
The latest Microsoft benchmarking data reveals how Microsoft Defender mitigates modern email threats compared to SEG and ICES vendors.
Microsoft: Windows 11 users can't access C: drive on some Samsung PCs
Microsoft is investigating a new issue affecting some Samsung laptops running Windows 11 after installing the February 2026 security updates, in which users lose access to their C:\ drive and are unable to launch applications. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-users-cant-access-c-drive-on-some-samsung-pcs/
Microsoft is investigating a new issue affecting some Samsung laptops running Windows 11 after installing the February 2026 security updates, in which users lose access to their C:\ drive and are unable to launch applications. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-users-cant-access-c-drive-on-some-samsung-pcs/
BleepingComputer
Microsoft: Windows 11 users can't access C: drive on some Samsung PCs
Microsoft is investigating a new issue affecting some Samsung laptops running Windows 11 after installing the February 2026 security updates, in which users lose access to their C:\ drive and are unable to launch applications.
FBI seeks victims of Steam games used to spread malware
The FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games uploaded to the gaming platform. [...]
https://www.bleepingcomputer.com/news/security/fbi-seeks-victims-of-steam-games-used-to-spread-malware/
The FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games uploaded to the gaming platform. [...]
https://www.bleepingcomputer.com/news/security/fbi-seeks-victims-of-steam-games-used-to-spread-malware/
BleepingComputer
FBI seeks victims of Steam games used to spread malware
The FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games uploaded to the gaming platform.
Poland's nuclear research centre targeted by cyberattack
Poland's National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact. [...]
https://www.bleepingcomputer.com/news/security/polands-nuclear-research-centre-targeted-by-cyberattack/
Poland's National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact. [...]
https://www.bleepingcomputer.com/news/security/polands-nuclear-research-centre-targeted-by-cyberattack/
BleepingComputer
Poland's nuclear research centre targeted by cyberattack
Poland's National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact.
Microsoft investigates classic Outlook sync and connection issues
Microsoft is investigating several issues causing email synchronization and connection problems when using the classic Outlook desktop client. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-classic-outlook-sync-and-connection-issues/
Microsoft is investigating several issues causing email synchronization and connection problems when using the classic Outlook desktop client. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-classic-outlook-sync-and-connection-issues/
BleepingComputer
Microsoft investigates classic Outlook sync and connection issues
Microsoft is investigating several issues causing email synchronization and connection problems when using the classic Outlook desktop client.
From VMware to what’s next: Protecting data during hypervisor migration
Hypervisor migrations can introduce hidden risks that threaten data availability and recovery. Acronis explains why verified backups and cross-platform recovery are essential during VMware transitions. [...]
https://www.bleepingcomputer.com/news/security/from-vmware-to-whats-next-protecting-data-during-hypervisor-migration/
Hypervisor migrations can introduce hidden risks that threaten data availability and recovery. Acronis explains why verified backups and cross-platform recovery are essential during VMware transitions. [...]
https://www.bleepingcomputer.com/news/security/from-vmware-to-whats-next-protecting-data-during-hypervisor-migration/
BleepingComputer
From VMware to what’s next: Protecting data during hypervisor migration
Hypervisor migrations can introduce hidden risks that threaten data availability and recovery. Acronis explains why verified backups and cross-platform recovery are essential during VMware transitions.