Bleeping Computer

Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. [...]

A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android). [...]

Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. [...]

The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi). [...]

Microsoft has begun testing a new Windows 11 tool called Quick Machine Recovery, which is designed to remotely deploy fixes for buggy drivers and configurations that prevent the operating system from starting. [...]

A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for the cryptocurrency wallet using a warning to back up the key to avoid losing access. [...]

Microsoft has removed the 'BypassNRO.cmd' script from Windows 11 preview builds, which allowed users to bypass the requirement to use a Microsoft Account when installing the operating system. [...]

The U.S. Department of Justice (DOJ) has seized over $8.2 million worth of USDT (Tether) cryptocurrency that was stolen via 'romance baiting' scams. [...]

​Sam's Club, an American warehouse supermarket chain owned by U.S. retail giant Walmart, is investigating claims of a Clop ransomware breach. [...]

Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for "exceptional and differentiated" critical security vulnerabilities from $20,000 to $100,000. [...]

A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat, has been using the DNS over HTTPS (DoH) protocol to evade detection. [...]

Microsoft resolved an issue that caused the new Outlook email client to crash when users clicked a button designed to switch back to classic Outlook. [...]

Three security bypasses have been discovered in Ubuntu Linux's unprivileged user namespace restrictions, which could be enable a local attacker to exploit vulnerabilities in kernel components. [...]

A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. [...]

Microsoft has fixed a known issue that caused problems with Remote Desktop and RDS connections after installing Windows updates released since January 2025. [...]

The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. [...]

Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. [...]

A China-linked cyberespionage group known as 'FamousSparrow' was observed using a new modular version of its signature backdoor 'SparrowDoor' against a US-based trade organization. [...]

​​Microsoft has released the KB5053656 preview cumulative update for Windows 11 24H2 with 38 changes, including real-time translation on AMD and Intel-powered Copilot+ PCs and fixes for authentication and blue-screen issues. [...]

​In May, Microsoft plans to roll out a new Windows scheduled task that launches automatically to help Microsoft Office apps load faster. [...]