BleepingComputer
@BleepinComputer

37.3K posts

Breaking cybersecurity and technology news, guides, and tutorials that help you get the most from your computer. DMs are open, so send us those tips!

New York · Joined June 2009
206 Following · 252.2K Followers

BleepingComputer @BleepinComputer ·
🚨 BREAKING: Hackers are now exploiting the cPanel authentication bypass flaw (CVE-2026-41940) to deploy "Sorry" ransomware on compromised websites. Numerous sources say attacks began Thursday, with threat actors breaching servers and deploying a Go-based Linux encryptor that appends the .sorry extension to files. What the ransomware does: 🔴 Encrypts files and appends the ".sorry" extension. 🔴 Protects the encryption key with an embedded RSA-2048 public key 🔴 Drops a README.md ransom note in every folder 🔴 Uses a fixed Tox ID for ransom negotiations Victims are being instructed to contact the attacker via Tox to pay for decryption. This is not related to the older 2018 HiddenTear ".sorry" ransomware. This is a new, Linux-targeting encryptor tied directly to active cPanel exploitation. If you're running cPanel or WHM, patch immediately.
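A defender-side triage script for the behaviour described in the post above, added here as an example; it is not code from BleepingComputer, from cPanel, or from the ransomware itself. It walks a directory tree, collects files carrying the ".sorry" extension and README.md files that contain something shaped like a Tox ID, and deliberately ignores ordinary README.md files so that a project's documentation is not reported as a ransom note. The 76-hex-character length is the Tox address format; the post does not quote the attacker's actual ID, so the sample tree and the placeholder ID below are constructed for the demo.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators taken from the post: ".sorry" extension on encrypted files and a
# README.md ransom note in every folder that names a Tox ID for negotiations.
RANSOM_EXT = ".sorry"
NOTE_NAME = "README.md"
# A Tox ID is 76 hexadecimal characters (Tox address format). The post does not
# quote the real ID, so the scan matches the shape rather than a fixed value.
TOX_ID_RE = re.compile(r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{76}(?![0-9A-Fa-f])")


def scan_tree(root):
    """Walk `root` and collect the indicators described in the post.

    README.md is a common legitimate file name, so a README.md only counts as a
    ransom note when it contains something shaped like a Tox ID.
    """
    root = Path(root)
    encrypted, notes, tox_ids = [], [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if path.suffix == RANSOM_EXT:
                encrypted.append(rel)
            elif name == NOTE_NAME:
                try:
                    text = path.read_text(errors="replace")
                except OSError:
                    continue  # unreadable note: skip it rather than abort the scan
                found = TOX_ID_RE.findall(text)
                if found:
                    notes.append(rel)
                    tox_ids.update(t.upper() for t in found)
    return {
        "encrypted_files": sorted(encrypted),
        "ransom_notes": sorted(notes),
        "tox_ids": sorted(tox_ids),
    }


def assess(result):
    """Turn the collected indicators into a triage verdict."""
    if result["encrypted_files"] and result["ransom_notes"]:
        return "ransomware indicators present"
    if result["encrypted_files"] or result["ransom_notes"]:
        return "partial indicators, investigate"
    return "no indicators"


# Constructed placeholder with the right shape; not the attacker's real Tox ID.
SAMPLE_TOX_ID = "AB" * 38


def build_sample_tree(base):
    """Create a constructed web-root layout (no real victim data) for the demo."""
    base = Path(base)
    site = base / "public_html"
    site.mkdir()
    (site / ("index.php" + RANSOM_EXT)).write_bytes(b"\x00" * 64)
    (site / ("config.php" + RANSOM_EXT)).write_bytes(b"\x00" * 64)
    (site / NOTE_NAME).write_text(
        "Your files are encrypted.\nContact us on Tox: " + SAMPLE_TOX_ID + "\n"
    )
    (base / NOTE_NAME).write_text("Contact: " + SAMPLE_TOX_ID + "\n")
    docs = base / "docs"
    docs.mkdir()
    # A normal project README must not be reported as a ransom note.
    (docs / NOTE_NAME).write_text("# Project docs\nNothing suspicious here.\n")
    (docs / "notes.txt").write_text("clean file\n")
    return base


def demo():
    """Build the sample tree in a temp directory, scan it and return the result."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_tree(tmp)
    result["verdict"] = assess(result)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Point `scan_tree()` at a real web root (for a cPanel host, typically the account home directories) instead of the constructed tree; the Tox IDs it collects are useful to compare across affected hosts, since the post says the encryptor uses a fixed ID.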
BleepingComputer @BleepinComputer ·
@SquiblydooBlog Microsoft has confirmed to BleepingComputer that these false positives were introduced when they added detections for certificates compromised in the recent DigiCert breach.
BleepingComputer @BleepinComputer ·
More from @SquiblydooBlog regarding how recently compromised DigiCert certificates were likely abused in malware campaigns: x.com/SquiblydooBlog…
Squiblydoo @SquiblydooBlog

We didn't know how an actor was using EV Certificates issued to Lenovo and others. We now do. From DigiCert's incident report: "the threat actor used a compromised analyst endpoint to access DigiCert's internal support portal. The threat actor used a limited function within the customer-support portal which allows authenticated DigiCert support analysts to access customer accounts from the customer's perspective to facilitate support tasks. The threat actor was able to use this function to access initialization codes for orders that were approved but pending delivery for EV Code Signing certificate orders across a finite set of customer accounts." "Possession of the initialization code, combined with an approved order, is functionally sufficient to generate and retrieve the corresponding certificate." The full report can be found here and explains the incident in great detail: bugzilla.mozilla.org/show_bug.cgi?i… The report mentions "Where we got lucky: A community member involved in security research reported the evolving pattern of misused certificates and engaged in dialogue with our support team. Without that report, the undetected compromise of ENDPOINT2 and the associated mis-issuance might have remained undiscovered for a longer period." Special thanks goes to the regular contributors to the Cert Graveyard; @g0njxa, @malwrhunterteam, and others. Also special thanks to DigiCert: this report has a high level of transparency, which is warranted, and also well executed.

BleepingComputer @BleepinComputer ·
🚨 Warning: Microsoft Defender is wrongly flagging some DigiCert certificates as Trojan:Win32/Cerdigent.A!dha, triggering widespread false positives on Windows systems. Admins report certificates being removed from the Windows trust store after recent Defender signature updates. What’s happening: 🔴 Two DigiCert root certificates flagged as malware 🔴 Some systems remove certs from the AuthRoot trust store 🔴 Detection added in April 30th Defender signature updates Microsoft has released fixes in Security Intelligence updates version 1.449.430.0. The issue comes shortly after a DigiCert breach where attackers gained access to support systems and code-signing certificates. If you're seeing Trojan:Win32/Cerdigent.A!dha alerts, update Defender signatures immediately.