JaredFromSubway MEV bot hacked in $15 million crypto theft

The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated ...

WhatsApp phishing attack uses fake business docs to hack PCs

An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript ...

FFmpeg fixes PixelSmash flaw in widely used video decoder

A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under ...

FortiBleed campaign used custom FortiGate sniffer to steal credentials

Security firm SOCRadar says the large-scale FortiBleed campaign targeting Fortinet FortiGate devices used custom sniffers to ...

Microsoft says Windows 11 26H2 is coming soon, details upgrade process

Microsoft has confirmed that Windows 11 version 26H2 will be the next feature update and that devices running Windows 11 24H2 ...

A Glimpse into the “Search Your Target” Market for Stolen Credentials

Attackers no longer need to sift through massive credential dumps. They can pay others to do it for them. Flare explores how ...
Bleeping Computer

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft’s AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system ...

AryStinger botnet infected thousands of D-Link routers worldwide

A previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated routers to turn them into ...

Leak confirms OpenAI is testing a ChatGPT for Science subscription

OpenAI appears to be testing a new subscription and experience for science use cases, but it's unclear if it'll be available ...
Bleeping Computer

Microsoft links Mastra AI supply chain attack to North Korean hackers

Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. This attribution ...
Bleeping Computer

Klue OAuth breach victim list grows as Icarus hackers claim attack

Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers' Salesforce environments, as the new ...
Bleeping Computer

New Prinz Eugen ransomware prioritizes recent files for encryption

A new ransomware operation named ‘Prinz Eugen’ prioritizes recently modified files for encryption and leaves no ransom note on the system. An investigation from Threatdown, Malwarebytes’ enterprise ...