Cybersecurity company SonicWall has warned customers that several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks. [...]

Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment didn't gain access to customer backup data. [...]

The FBI has shared 42,000 phishing domains tied to the LabHost cybercrime platform, one of the largest global phishing-as-a-service (PhaaS) platforms that was dismantled in April 2024. [...]

British supermarket chain Co-op Food has confirmed to BleepingComputer via a statement that it has suffered limited operational disruption as it responds to a cyberattack. [...]

​Ascension, one of the largest private healthcare systems in the United States, is notifying patients that their personal and health information was stolen in a December 2024 data theft attack, which affected a former business partner. [...]

Microsoft has announced it will require paid subscriptions for Windows Server 2025 hotpatching, a service that enables admins to install security updates without restarting. [...]

Threat actors are intensifying internet-wide scanning for Git configuration files that can reveal sensitive secrets and authentication tokens used to compromise cloud services and source code repositories. [...]

Today, the French foreign ministry blamed the APT28 hacking group linked to Russia's military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years. [...]

​A set of security vulnerabilities in Apple's AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code execution. [...]

South Korean mobile provider SK Telecom has announced free SIM card replacements to its 25 million mobile customers following a recent USIM data breach, but only 6 million cards are available through May. [...]

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks. [...]

AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages that can steal data, plant backdoors, and carry out other nefarious actions, newly published research shows. The study, which used 16 of the most …

Google's Threat Intelligence Group (GTIG) says attackers exploited 75 zero-day vulnerabilities in the wild last year, over 50% of which were linked to spyware attacks. [...]

Ongoing outages at British retail giant Marks & Spencer are caused by a ransomware attack believed to be conducted by a hacking collective known as "Scattered Spider" BleepingComputer has learned from multiple sources. [...]

Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, was forced to take servers offline over the weekend to contain an Akira ransomware attack. [...]

Employee benefits administration firm VeriSource Services is warning that a data breach exposed the personal information of four million people. [...]

Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers. [...]

​Offensive Security warned Kali Linux users to manually install a new Kali repository signing key to avoid experiencing update failures. [...]

Internet services giant Cloudflare says it mitigated a record number of DDoS attacks in 2024, recording a massive 358% year-over-year jump and a 198% quarter-over-quarter increase. [...]

About a decade ago, Apple and Google started updating iOS and Android, respectively, to make them less susceptible to “juice jacking,” a form of attack that could surreptitiously steal data or execute malicious code when users plug their phones into special-purpose charging hardware. Now, researchers are revealing that, for …

Coinbase has fixed a confusing bug in its account activity logs that caused users to think their credentials were compromised. [...]

Brave has open-sourceed a new tool called "Cookiecrumbler," which uses large language models (LLMs) to detect cookie consent notices and then community-driven reviews to block those that won't break site functionality. [...]

The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure. [...]

A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a "critical patch" that adds a Wordpress backdoor to the site. [...]

The FBI is offering $10 million for information about the China-state hacking group tracked as Salt Typhoon and its intrusion last year into sensitive networks belonging to multiple US telecommunications companies. Salt Typhoon is one of a half-dozen or more hacking groups that work on behalf of the People …