UK says AI will empower ransomware over the next two years


The United Kingdom's National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware. [...]


https://www.bleepingcomputer.com/news/se...two-years/

Over 5,300 GitLab servers exposed to zero-click account takeover attacks


Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month. [...]


https://www.bleepingcomputer.com/news/se...r-attacks/

VexTrio TDS: Inside a massive 70,000-domain cybercrime operation


A previously unknown traffic distribution system (TDS) named 'VexTrio' has been active since at least 2017, aiding 60 affiliates in their cybercrime operations through a massive network of 70,000 sites. [...]


https://www.bleepingcomputer.com/news/se...operation/

HPE: Russian hackers breached its security team’s email accounts


Hewlett Packard Enterprise (HPE) disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. [...]


https://www.bleepingcomputer.com/news/se...-accounts/

Hackers target WordPress database plugin active on 1 million sites


Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours. [...]


https://www.bleepingcomputer.com/news/se...ion-sites/

Cisco warns of critical RCE flaw in communications software


Cisco is warning that several of its Unified Communications Manager (CM) and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue. [...]


https://www.bleepingcomputer.com/news/se...-software/

Tesla hacked again, 24 more zero-days exploited at Pwn2Own Tokyo


Security researchers hacked the Tesla infotainment system and demoed a total of 24 zero-days on the second day of the Pwn2Own Automotive 2024 hacking competition. [...]


https://www.bleepingcomputer.com/news/se...own-tokyo/

iPhone apps abuse iOS push notifications to collect user data


Numerous iOS apps are using background processes triggered by push notifications to collect user data about devices, potentially allowing the creation of fingerprinting profiles used for tracking. [...]


https://www.bleepingcomputer.com/news/se...user-data/

Russian TrickBot malware dev sentenced to 64 months in prison


Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide. [...]


https://www.bleepingcomputer.com/news/se...in-prison/

Blackwood hackers hijack WPS Office update to install malware

A previously unknown advanced threat actor tracked  as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals. [...]


https://www.bleepingcomputer.com/news/se...l-malware/