Western Sydney University discloses security breaches, data leak

Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. [...]

https://www.bleepingcomputer.com/news/security/western-sydney-university-discloses-security-breaches-data-leak/

 Microsoft starts final Windows Recall testing before rollout

​Microsoft is gradually rolling out the AI-powered Windows Recall feature to Insiders in the Release Preview channel before making it generally available to all Windows users with Copilot+ PCs. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-final-windows-recall-testing-before-rollout/

 Microsoft Defender will isolate undiscovered endpoints to block attacks

Microsoft is testing a new Defender for Endpoint capability that will block traffic to and from undiscovered endpoints to thwart attackers' lateral network movement attempts. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-will-isolate-undiscovered-endpoints-to-block-attacks/

 AI-hallucinated code dependencies become new supply chain risk

A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names. [...]

https://www.bleepingcomputer.com/news/security/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/

 Tycoon2FA phishing kit targets Microsoft 365 with new tricks

Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion capabilities. [...]

https://www.bleepingcomputer.com/news/security/tycoon2fa-phishing-kit-targets-microsoft-365-with-new-tricks/

 Leak confirms OpenAI's GPT 4.1 is coming before GPT 5.0

OpenAI is working on yet another AI model, reportedly called GPT-4.1, a successor to GPT-4o. [...]

https://www.bleepingcomputer.com/news/artificial-intelligence/leak-confirms-openais-gpt-41-is-coming-before-gpt-50/

 Chrome 136 fixes 20-year browser history privacy risk

​Google is fixing a long-standing privacy issue that, for years, enabled websites to determine users' browsing history through the previously visited links. [...]

https://www.bleepingcomputer.com/news/security/chrome-136-fixes-20-year-browser-history-privacy-risk/

 Microsoft: Windows Server 2025 restarts break connectivity on some DCs

Microsoft warned IT admins that some Windows Server 2025 domain controllers might become inaccessible after a restart, causing apps and services to fail or remain unreachable. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-server-2025-restarts-break-services-on-domain-controllers/

 OpenAI's GPT-4.1, 4.1 nano, and 4.1 mini models release imminent

According to references spotted on OpenAI's website, the Microsoft-backed AI startup is planning to launch five new models this week, including GPT-4.1, 4.1 nano, and 4.1 mini. [...]

https://www.bleepingcomputer.com/news/artificial-intelligence/openais-gpt-41-41-nano-and-41-mini-models-release-imminent/

 Microsoft: New emergency Windows updates fix AD policy issues

Microsoft has released emergency Windows updates to address a known issue affecting local audit logon policies in Active Directory Group Policy. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-new-emergency-windows-updates-fix-ad-policy-issues/

 Microsoft tells Windows users to ignore 0x80070643 WinRE errors

Microsoft says some users might see 0x80070643 installation failures when trying to deploy the April 2025 Windows Recovery Environment (WinRE) updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-tells-windows-users-to-ignore-winre-install-errors/

 Enhancing your DevSecOps with Wazuh, the open source XDR platform

Security shouldn't wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline—powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle. [...]

https://www.bleepingcomputer.com/news/security/enhancing-your-devsecops-with-wazuh-the-open-source-xdr-platform/

 Kidney dialysis firm DaVita hit by weekend ransomware attack

Kidney dialysis firm DaVita disclosed Monday it suffered a weekend ransomware attack that encrypted parts of its network and impacted some of its operations. [...]

https://www.bleepingcomputer.com/news/security/kidney-dialysis-firm-davita-hit-by-weekend-ransomware-attack/

 Meta to resume AI training on content shared by Europeans

Meta announced today that it will soon start training its artificial intelligence models using content shared by European adult users on its Facebook and Instagram social media platforms. [...]

https://www.bleepingcomputer.com/news/technology/meta-to-resume-ai-training-on-content-shared-by-europeans/

 New ResolverRAT malware targets pharma and healthcare orgs worldwide

A new remote access trojan (RAT) called 'ResolverRAT' is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors. [...]

https://www.bleepingcomputer.com/news/security/new-resolverrat-malware-targets-pharma-and-healthcare-orgs-worldwide/

 SSL/TLS certificate lifespans reduced to 47 days by 2029

The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029. [...]

https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/

 Cybersecurity firm buying hacker forum accounts to spy on cybercriminals

Swiss cybersecurity firm Prodaft has launched a new initiative called 'Sell your Source' where the company purchases verified and aged accounts on cybercrime forums to conduct threat intelligence operations. [...]

https://www.bleepingcomputer.com/news/security/cybersecurity-firm-buying-hacker-forum-accounts-to-spy-on-cybercriminals/

 Govtech giant Conduent confirms client data stolen in January cyberattack

American business services giant and government contractor Conduent disclosed today that client data was stolen in a January 2025 cyberattack. [...]

https://www.bleepingcomputer.com/news/security/govtech-giant-conduent-confirms-client-data-stolen-in-january-cyberattack/

 Hertz confirms customer info, drivers' licenses stolen in data breach

Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks. [...]

https://www.bleepingcomputer.com/news/security/hertz-confirms-customer-info-drivers-licenses-stolen-in-data-breach/

 Microsoft warns of CPU spikes when typing in classic Outlook

Microsoft warned Windows users of increased CPU usage when typing while using recent versions of the classic Outlook email client. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-cpu-spikes-when-typing-in-classic-outlook/

 Google adds Android auto-reboot to block forensic data extractions

Google is rolling out a new security mechanism on Android devices that will automatically reboot locked, unused devices after three consecutive days of inactivity, restoring memory to an encrypted state. [...]

https://www.bleepingcomputer.com/news/security/google-adds-android-auto-reboot-to-block-forensic-data-extractions/