FBI: Fraudsters use couriers to steal money in crypto scams
…scams accounted for 49% of all scam-related incidents and resulted in $8.6 billion in losses. Test every layer before attackers do Security teams log 54% of successful attacks and alert…
Search
New IronWorm malware hits 36 packages in npm supply-chain attack
…Application security company Ox Security says that the IronWorm attack was detected very early and stopped before it spread to more popular packages on npm. The company provides a list of all…
Bluekit phishing kit adopts browser-in-the-middle for login theft
…Automating email security with behavioral AI. " The webinar will explore how behavioral AI can help security teams detect and respond to modern phishing attacks, automate investigations and remediation, and reduce the operational…
Chinese hackers breach REDCap servers, steal medical research
…Based on the investigation, the compromise of the medical research organization occurred in September 2023, and the malicious activity continued for more than a year through November 2025. GTIG says that three…
Windows BitLocker zero-day gives access to protected drives, PoC released
…BleepingComputer has contacted Microsoft for a comment on Chaotic Eclipse’s latest exploit leaks, and a spokesperson stated that the company is committed to investigating reported security issues, "and update impacted devices…
Why Account Takeovers Are Rising and How to Stop Them
…Campaigns like this show how difficult phishing attacks can be to identify, even for security-aware users. Secure your Active Directory passwords with Specops Password Policy Verizon’s Data Breach Investigation Report…
Canvas login portals hacked in mass ShinyHunters extortion campaign
…Instructure confirmed that data was stolen during the attack but that they are continuing to investigate the incident. BleepingComputer has repeatedly contacted Instructure with questions about the attack, including today's, and…
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
…However, Rapid7 says that in many incidents, even though the appliance accepted the forged cookie, they were unable to establish a full VPN session. Rapid7's investigation into affected customers found that…
Fake Claude AI website delivers new 'Beagle' Windows malware
…According to the researchers, NOVupdate.exe is a signed updater for G Data security solutions that the hacker uses to sideload the malicious avk.dll and the encrypted NOVupdate.exe.dat file…
GM agrees to $12.75M California settlement over sale of drivers’ data
…The investigation into this activity began in 2024, following media reports about automakers, including GM, sharing driver behavior with insurers. The data was allegedly collected through GM’s OnStar subsidiary and its…