Category: BleepingComputer

CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. […]

MITRE has shared this year’s top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. […]

An anti-piracy coalition has dismantled one of India’s most popular streaming piracy services, which has provided free access to movies and TV shows to millions over the past two years. […]

Brave has introduced a new AI browsing feature that leverages Leo, its privacy-respecting AI assistant, to perform automated tasks for the user. […]

Hackers are exploiting a new, undocumented vulnerability in the implementation of the cryptographic algorithm present in Gladinet’s CentreStack and Triofox products for secure remote file access and sharing. […]

Notepad++ version 8.8.9 was released to fix a security weakness in its WinGUp update tool after researchers and users reported incidents in which the updater retrieved malicious executables instead of legitimate update packages. […]

A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with malware hidden inside dependency folders. […]

The UK Information Commissioner’s Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures that allowed an attacker to steal personal information and encrypted password vaults belonging to up to 1.6 million UK users in a 2022 breach. […]

Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party. […]

A new variation of the ClickFix attack dubbed ‘ConsentFix’ abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) verifications. […]