Saturday, July 19, 2025

BleepingComputer.com is an information security and technology news publication

https://www.bleepstatic.com/images/site/logo.png
  • Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack

    A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals.

  • How to conduct an AI risk assessment [Free Guide]

    Shadow AI is growing fast. Stay one step ahead.

    Learn how to take a scalable approach to AI risk assessments so you can safeguard your org's proprietary data without blocking innovation.

  • Popular npm linter packages hijacked via phishing to drop malware

    Popular JavaScript libraries eslint-config-prettier and eslint-plugin-prettier were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft.

  • OpenAI, Anthropic, Google may disrupt education market with new AI tools

    AI companies could soon disrupt the education market with their new AI-based learning tools for students.

  • New CrushFTP zero-day exploited in attacks to hijack servers

    CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers.

  • Arch Linux pulls AUR packages that installed Chaos RAT malware

    Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) were used to install the CHAOS remote access trojan (RAT) on Linux devices.

  • UK ties GRU to stealthy Microsoft 365 credential-stealing malware

    The UK National Cyber Security Centre (NCSC) has formally attributed 'Authentic Antics' espionage malware attacks to APT28 (Fancy Bear), threat actor already linked to Russia's military intelligence service (GRU).

  • Microsoft mistakenly tags Windows Firewall error log bug as fixed

    Microsoft has mistakenly tagged an ongoing Windows Firewall error message bug as fixed in recent updates, stating that they are still working on a resolution.

  • New ChatGPT o3-alpha model hints at coding upgrade

    ChatGPT's o3 is OpenAI's best model to date because it features reasoning, and it might get even better in the next update.

  • Russian alcohol retailer WineLab closes stores after ransomware attack

    WineLab, the retail store of the largest alcohol company in Russia, has closed its stores following a cyberattack that is impacting its operations and causing purchase problems to its customers.

  • No comments: