BleepingComputer - Latest News and Information
  • All Technology
  • AI
  • Autonomy
  • B2B Growth
  • Big Data
  • BioTech
  • ClimateTech
  • Consumer Tech
  • Crypto
  • Cybersecurity
  • DevOps
  • Digital Marketing
  • Ecommerce
  • EdTech
  • Enterprise
  • FinTech
  • GovTech
  • Hardware
  • HealthTech
  • HRTech
  • LegalTech
  • Nanotech
  • PropTech
  • Quantum
  • Robotics
  • SaaS
  • SpaceTech
AllNewsDealsSocialBlogsVideosPodcastsDigests

Technology Pulse

EMAIL DIGESTS

Daily

Every morning

Weekly

Sunday recap

NewsDealsSocialBlogsVideosPodcasts
BleepingComputer

BleepingComputer

Publication
0 followers

Security news and advisories with gov/infra impact.

Recent Posts

Online Retailer PcComponentes Says Data Breach Claims Are Fake
News•Jan 21, 2026

Online Retailer PcComponentes Says Data Breach Claims Are Fake

PcComponentes, a leading Spanish tech retailer, denied a claim that a breach exposed 16 million customers, stating the figure was inflated. The company confirmed a credential‑stuffing attack that compromised a limited set of accounts, revealing names, addresses and contact details. Threat actor ‘daghetiaw’ leaked 500,000 records and offered the remainder for sale, prompting PcComponentes to investigate. In response, the retailer implemented CAPTCHA, mandatory two‑factor authentication and session invalidation to protect users.

By BleepingComputer
Fortinet Admins Report Patched FortiGate Firewalls Getting Hacked
News•Jan 21, 2026

Fortinet Admins Report Patched FortiGate Firewalls Getting Hacked

Fortinet’s latest FortiOS releases (7.4.9 and 7.4.10) failed to fully remediate the critical CVE‑2025‑59718 authentication bypass, allowing attackers to create privileged admin accounts via crafted SAML messages. Administrators have reported successful exploits on patched firewalls, prompting Fortinet to announce emergency...

By BleepingComputer
Hackers Exploit Security Testing Apps to Breach Fortune 500 Firms
News•Jan 21, 2026

Hackers Exploit Security Testing Apps to Breach Fortune 500 Firms

Pentera uncovered nearly 2,000 publicly exposed security‑testing web apps—such as DVWA, Juice Shop and bWAPP—hosted on AWS, GCP and Azure. These intentionally vulnerable tools were linked to over‑privileged IAM roles, allowing attackers to steal cloud credentials and gain admin access....

By BleepingComputer
GitLab Warns of High-Severity 2FA Bypass, Denial-of-Service Flaws
News•Jan 21, 2026

GitLab Warns of High-Severity 2FA Bypass, Denial-of-Service Flaws

GitLab announced patches for a high‑severity two‑factor authentication bypass (CVE‑2026‑0723) and multiple denial‑of‑service flaws affecting both Community and Enterprise editions. The 2FA bypass lets attackers with a known account ID circumvent the second factor, while CVE‑2025‑13927 and CVE‑2025‑13928 enable unauthenticated...

By BleepingComputer
Tesla Hacked, 37 Zero-Days Demoed at Pwn2Own Automotive 2026
News•Jan 21, 2026

Tesla Hacked, 37 Zero-Days Demoed at Pwn2Own Automotive 2026

Security researchers at Pwn2Own Automotive 2026 demonstrated 37 zero‑day vulnerabilities in Tesla's infotainment system, earning $516,500 on day one. Synacktiv secured $35,000 by chaining an information leak and out‑of‑bounds write to gain root, while other teams exploited EV chargers and navigation...

By BleepingComputer
EU Plans Cybersecurity Overhaul to Block Foreign High-Risk Suppliers
News•Jan 20, 2026

EU Plans Cybersecurity Overhaul to Block Foreign High-Risk Suppliers

The European Commission has unveiled a comprehensive cybersecurity package that gives it authority to conduct EU‑wide risk assessments and restrict high‑risk foreign suppliers in critical telecom infrastructure. The proposal builds on the voluntary 5G Security Toolbox and expands the Cybersecurity...

By BleepingComputer
Make Identity Threat Detection Your Security Strategy for 2026
News•Jan 20, 2026

Make Identity Threat Detection Your Security Strategy for 2026

Identity Threat Detection & Response (ITDR) is positioned as the core security strategy for 2026, shifting focus from perimeter defenses to monitoring compromised accounts. The article highlights that identity‑based attacks are the most common threat, and traditional controls like MFA...

By BleepingComputer
Webinar: Aligning Cybersecurity Purchases with What Your SOC Team Needs
News•Jan 20, 2026

Webinar: Aligning Cybersecurity Purchases with What Your SOC Team Needs

Security operations centers are plagued by alert fatigue because many tools are selected by executives without input from analysts. A BleepingComputer webinar on Jan. 29 will feature Sumo Logic experts discussing the disconnect between purchasing decisions and SOC needs. The session...

By BleepingComputer
New OpenAI Leak Hints at Upcoming ChatGPT Features
News•Jan 19, 2026

New OpenAI Leak Hints at Upcoming ChatGPT Features

OpenAI is quietly testing a major ChatGPT web update slated for rollout in the next few weeks. The preview, dubbed “Salute,” adds a task‑creation interface with file uploads and progress tracking. Additional changes include a model‑preference flag aimed at hospitality‑specific...

By BleepingComputer
Microsoft Releases OOB Windows Updates to Fix Shutdown, Cloud PC Bugs
News•Jan 18, 2026

Microsoft Releases OOB Windows Updates to Fix Shutdown, Cloud PC Bugs

Microsoft issued emergency out‑of‑band (OOB) updates for Windows 10, Windows 11, and Windows Server after the January 2026 Patch Tuesday introduced two critical bugs. The first bug broke credential prompts for Microsoft 365 Cloud PC and Azure Virtual Desktop sessions, while the second prevented...

By BleepingComputer
Google Chrome Now Lets You Turn Off On-Device AI Model Powering Scam Detection
News•Jan 18, 2026

Google Chrome Now Lets You Turn Off On-Device AI Model Powering Scam Detection

Google Chrome now lets users delete the on‑device AI model that powers the Enhanced Protection feature, which uses generative AI to detect scams, malicious downloads, and risky extensions. The toggle appears in Settings > System under “On‑device GenAI.” The capability is currently...

By BleepingComputer
StealC Hackers Hacked as Researchers Hijack Malware Control Panels
News•Jan 16, 2026

StealC Hackers Hacked as Researchers Hijack Malware Control Panels

Researchers at CyberArk uncovered a cross‑site scripting (XSS) vulnerability in the web‑based control panel of the StealC info‑stealing malware. Exploiting the flaw, they observed active operator sessions, harvested browser and hardware fingerprints, and hijacked session cookies to gain remote control...

By BleepingComputer
Microsoft: Windows 11 Update Causes Outlook Freezes for POP Users
News•Jan 16, 2026

Microsoft: Windows 11 Update Causes Outlook Freezes for POP Users

Microsoft is investigating a January Windows 11 security update (KB5074109) that causes the classic Outlook desktop client to freeze for users with POP email accounts. The problem affects devices running the 25H2 and 24H2 builds, preventing Outlook from exiting cleanly and...

By BleepingComputer
Cisco Finally Fixes AsyncOS Zero-Day Exploited Since November
News•Jan 16, 2026

Cisco Finally Fixes AsyncOS Zero-Day Exploited Since November

Cisco has released a patch for the critical AsyncOS zero‑day (CVE‑2025‑20393) affecting Secure Email Gateway and Secure Email and Web Manager appliances with internet‑exposed Spam Quarantine. The flaw allowed remote attackers to execute arbitrary commands with root privileges. Cisco Talos...

By BleepingComputer
Microsoft: Some Windows PCs Fail to Shut Down After January Update
News•Jan 16, 2026

Microsoft: Some Windows PCs Fail to Shut Down After January Update

Microsoft confirmed that the January 13, 2026 cumulative update KB5073455 causes Windows 11 23H2 Enterprise and IoT devices with System Guard Secure Launch to fail shutting down, forcing a restart instead. The bug does not affect consumer editions and also blocks hibernation, leaving machines...

By BleepingComputer
Grubhub Confirms Hackers Stole Data in Recent Security Breach
News•Jan 15, 2026

Grubhub Confirms Hackers Stole Data in Recent Security Breach

Grubhub confirmed that unauthorized actors downloaded data from its systems, prompting an immediate investigation and security hardening. The company disclosed that financial details and order histories were not compromised, but it is facing extortion demands from the ShinyHunters cybercrime group....

By BleepingComputer
Hackers Exploit Modular DS WordPress Plugin Flaw for Admin Access
News•Jan 15, 2026

Hackers Exploit Modular DS WordPress Plugin Flaw for Admin Access

Security researchers have identified a critical remote authentication bypass in the Modular DS WordPress plugin, tracked as CVE‑2026‑23550. The flaw, present in versions 2.5.1 and earlier, lets attackers obtain admin‑level access by exploiting a trusted‑request bypass and an automatic login fallback....

By BleepingComputer
FTC Bans GM From Selling Drivers' Location Data for Five Years
News•Jan 15, 2026

FTC Bans GM From Selling Drivers' Location Data for Five Years

The U.S. Federal Trade Commission finalized an order against General Motors and its OnStar subsidiary for collecting and selling precise geolocation and driver‑behavior data without consent. The settlement bans GM from sharing such data with consumer reporting agencies for five...

By BleepingComputer
Palo Alto Networks Warns of DoS Bug Letting Hackers Disable Firewalls
News•Jan 15, 2026

Palo Alto Networks Warns of DoS Bug Letting Hackers Disable Firewalls

Palo Alto Networks disclosed a high‑severity flaw, CVE‑2026‑0227, that lets unauthenticated attackers trigger a denial‑of‑service condition on PAN‑OS firewalls and Prisma Access gateways when GlobalProtect is enabled. The bug forces the appliance into maintenance mode, effectively disabling protection. Palo Alto...

By BleepingComputer
Microsoft Updates Windows DLL that Triggered Security Alerts
News•Jan 14, 2026

Microsoft Updates Windows DLL that Triggered Security Alerts

Microsoft released a service alert confirming that the WinSqlite3.dll library, a core Windows component, was mistakenly flagged by third‑party security tools as vulnerable to CVE‑2025‑6965. The false‑positive affected Windows 10, Windows 11, and Windows Server 2012‑2025 systems for several months. Microsoft updated...

By BleepingComputer
Reprompt Attack Let Hackers Hijack Microsoft Copilot Sessions
News•Jan 14, 2026

Reprompt Attack Let Hackers Hijack Microsoft Copilot Sessions

Researchers at Varonis uncovered a “Reprompt” attack that lets hackers hijack Microsoft Copilot Personal sessions by embedding malicious prompts in the URL’s `q` parameter. After a victim clicks a crafted link, the attacker can issue follow‑up commands that bypass Copilot’s...

By BleepingComputer
Cloud Marketplace Pax8 Accidentally Exposes Data on 1,800 MSP Partners
News•Jan 14, 2026

Cloud Marketplace Pax8 Accidentally Exposes Data on 1,800 MSP Partners

Cloud commerce platform Pax8 inadvertently emailed an internal spreadsheet to fewer than 40 UK partners, exposing business data for roughly 1,800 managed service providers. The CSV listed more than 56,000 entries, including partner IDs, customer names, Microsoft SKU counts and...

By BleepingComputer
Victorian Department of Education Says Hackers Stole Students’ Data
News•Jan 14, 2026

Victorian Department of Education Says Hackers Stole Students’ Data

The Victorian Department of Education disclosed that an unauthorized party accessed a database containing personal details and school‑issued email addresses of current and former students, along with encrypted passwords. More sensitive information such as birth dates, home addresses, and phone...

By BleepingComputer
Microsoft: Windows 365 Update Blocks Access to Cloud PC Sessions
News•Jan 14, 2026

Microsoft: Windows 365 Update Blocks Access to Cloud PC Sessions

Microsoft confirmed that a recent Windows 365 update is preventing users from signing into their Cloud PC sessions, causing widespread access failures that began on Tuesday at 19:00 UTC. The issue, tracked under incident WP1217671, stems from a security‑focused update that unintentionally broke...

By BleepingComputer
Monroe University Says 2024 Data Breach Affects 320,000 People
News•Jan 14, 2026

Monroe University Says 2024 Data Breach Affects 320,000 People

Monroe University disclosed that a December 2024 cyberattack compromised personal, financial, and health data of more than 320,000 individuals. Attackers accessed the network for two weeks, from Dec 9 to Dec 23, before the breach was detected. The university began notifying affected...

By BleepingComputer
Ukraine's Army Targeted in New Charity-Themed Malware Campaign
News•Jan 13, 2026

Ukraine's Army Targeted in New Charity-Themed Malware Campaign

Ukraine’s Defense Forces were hit by a charity‑themed malware campaign from October to December 2025 that delivered the PluggyApe backdoor. The attacks arrived via Signal or WhatsApp messages promising charitable documents, but instead provided password‑protected PIF archives containing malicious payloads. Ukrainian...

By BleepingComputer
Central Maine Healthcare Breach Exposed Data of over 145,000 People
News•Jan 13, 2026

Central Maine Healthcare Breach Exposed Data of over 145,000 People

Central Maine Healthcare suffered a cyber intrusion that lasted from March 19 to June 1, 2024, exposing the personal and health information of 145,381 individuals. The breach affected patients, current and former employees, revealing names, dates of birth, treatment details,...

By BleepingComputer
New Windows Updates Replace Expiring Secure Boot Certificates
News•Jan 13, 2026

New Windows Updates Replace Expiring Secure Boot Certificates

Microsoft has begun automatically replacing expiring Secure Boot certificates on eligible Windows 11 24H2 and 25H2 devices. The certificates, which protect the pre‑boot environment, are set to expire in June 2026, prompting a phased rollout through Windows quality updates. High‑confidence devices receive the...

By BleepingComputer
Windows 11 KB5074109 & KB5073455 Cumulative Updates Released
News•Jan 13, 2026

Windows 11 KB5074109 & KB5073455 Cumulative Updates Released

Microsoft released the Windows 11 KB5074109 and KB5073455 cumulative updates for 25H2/24H2 and 23H2, delivering the January 2026 Patch Tuesday security patches. The updates raise build numbers to 26200.7623 (or 26100.7462) and 226x1.6050, and they address a range of vulnerabilities, driver compatibility,...

By BleepingComputer
Microsoft January 2026 Patch Tuesday Fixes 3 Zero-Days, 114 Flaws
News•Jan 13, 2026

Microsoft January 2026 Patch Tuesday Fixes 3 Zero-Days, 114 Flaws

Microsoft released its January 2026 Patch Tuesday update, addressing 114 security flaws across Windows and related services. The bundle includes eight critical vulnerabilities—six remote code execution and two elevation‑of‑privilege bugs—plus one actively exploited information‑disclosure flaw in Desktop Window Manager. Two publicly...

By BleepingComputer
Convincing LinkedIn Comment-Reply Tactic Used in New Phishing
News•Jan 13, 2026

Convincing LinkedIn Comment-Reply Tactic Used in New Phishing

Scammers are posting fake LinkedIn reply comments that mimic official policy‑violation notices and direct users to malicious links. The fraudsters leverage LinkedIn’s own lnkd.in URL shortener, making the phishing URLs appear legitimate. Impersonated company pages also use the LinkedIn logo...

By BleepingComputer
CISA Orders Feds to Patch Gogs RCE Flaw Exploited in Zero-Day Attacks
News•Jan 12, 2026

CISA Orders Feds to Patch Gogs RCE Flaw Exploited in Zero-Day Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal civilian agencies to patch a critical zero‑day vulnerability in the Gogs Git service, identified as CVE‑2025‑8110. The flaw allows authenticated attackers to exploit a path‑traversal weakness in the...

By BleepingComputer
'Bad Actor' Hijacks Apex Legends Characters in Live Matches
News•Jan 12, 2026

'Bad Actor' Hijacks Apex Legends Characters in Live Matches

A weekend security incident in Apex Legends allowed a bad actor to hijack player characters, disconnect them, and rename teammates to “RSPN Admin.” Respawn clarified that the breach did not involve malware or remote code execution, suggesting the attacker used...

By BleepingComputer
Apple Confirms Google Gemini Will Power Siri, Says Privacy Remains a Priority
News•Jan 12, 2026

Apple Confirms Google Gemini Will Power Siri, Says Privacy Remains a Priority

Apple announced that its upcoming Siri will be powered by Google’s Gemini large‑language models, marking a multi‑year collaboration between the two rivals. The partnership moves Siri away from Apple’s in‑house AI, which has lagged behind competitors like GPT and Copilot,...

By BleepingComputer
Hidden Telegram Proxy Links Can Reveal Your IP Address in One Click
News•Jan 12, 2026

Hidden Telegram Proxy Links Can Reveal Your IP Address in One Click

Security researchers have shown that Telegram’s proxy links (t.me/proxy) automatically trigger a direct connection to the specified server before the user confirms adding the proxy. This behavior lets an attacker‑controlled proxy log the user’s real IP address with a single...

By BleepingComputer
Spanish Energy Giant Endesa Discloses Data Breach Affecting Customers
News•Jan 12, 2026

Spanish Energy Giant Endesa Discloses Data Breach Affecting Customers

Spanish utility Endesa disclosed a data breach affecting its Energía XXI customers, with hackers obtaining contract‑related personal information such as IDs, contact details, and IBANs. The company says passwords were not exposed and no fraudulent use has been detected so far....

By BleepingComputer

Page 4 of 4

← Prev1234