Sergiu Gatlan
@serghei.bsky.social
Cybersecurity/tech reporter @BleepingComputer / serghei.ro
Reposted by Sergiu Gatlan
There's some really big caveats to this. A thread.
New: Google says it has discovered at least 5 malware families that use AI to rewrite their code and generate new capabilities on the fly, suggesting AI-powered malware is finally starting to take off. cloud.google.com/blog/topics/...

Report also has interesting stories about state actors' AI use.
November 5, 2025 at 3:52 PM
Reposted by Sergiu Gatlan
The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools.
Qilin ransomware abuses WSL to run Linux encryptors in Windows
www.bleepingcomputer.com
October 28, 2025 at 7:11 PM
Reposted by Sergiu Gatlan
An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager.
Fake LastPass, Bitwarden breach alerts lead to PC hijacks
www.bleepingcomputer.com
October 15, 2025 at 7:22 PM
Reposted by Sergiu Gatlan
On CISA media call just now to discuss the F5 hack and source code breach, CISA staffer interrupted the discussion to blame the Democrats for the government shutdown and forcing workers to work without pay
October 15, 2025 at 4:13 PM
Reposted by Sergiu Gatlan
U.S. cybersecurity company F5 disclosed that it suffered a cyberattack in early August, where suspected nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code.
F5 says hackers stole undisclosed BIG-IP flaws, source code
www.bleepingcomputer.com
October 15, 2025 at 1:32 PM
Reposted by Sergiu Gatlan
Discord says they will not be negotiating with threat actors who claim to have stolen the data of 5.5 million unique users from the company's Zendesk support system instance, including government IDs and partial payment information for some people.
Hackers claim Discord breach exposed data of 5.5 million users
www.bleepingcomputer.com
October 9, 2025 at 12:22 AM
Reposted by Sergiu Gatlan
The ShinyHunters extortion group has leaked samples of data belonging to dozens of companies, which were stolen in a wave of Salesforce breaches that have affected numerous companies worldwide.
ShinyHunters launches Salesforce data leak site to extort 39 victims
www.bleepingcomputer.com
October 3, 2025 at 2:16 PM
Reposted by Sergiu Gatlan
A source shares some screenshots of the Lapsus ransomware gang celebrating the government shutdown as a disruption to the FBI investigations tracking them.

They also refer to Trump as "my king."
October 1, 2025 at 3:07 PM
Reposted by Sergiu Gatlan
CISA has issued a new emergency directive ordering U.S. federal agencies to secure their Cisco firewall devices against two flaws that have been exploited in zero-day attacks.
CISA orders agencies to patch Cisco flaws exploited in zero-day attacks
www.bleepingcomputer.com
September 25, 2025 at 5:53 PM
Reposted by Sergiu Gatlan
SonicWall warned customers today to reset credentials after their firewall configuration backup files were exposed in a security breach that impacted MySonicWall accounts.
SonicWall warns customers to reset credentials after breach
www.bleepingcomputer.com
September 17, 2025 at 4:23 PM
Google has switched to a risk-based Android update process, with “high-risk” vulnerabilities patched on a monthly basis and the rest fixed on a quarterly schedule.

www.androidauthority.com/android-risk...
September 15, 2025 at 4:14 PM
Reposted by Sergiu Gatlan
Finnish hacker Aleksanteri Kivimäki has been released from prison following an appeal.

Kivimäki hacked Finnish psychotherapy centre Vastaamo in 2020 and released highly sensitive patient files.

yle.fi/a/74-20182408
Appeal court orders release of convicted psychotherapy centre database hacker
If the court reduces his sentence, there's a risk that Aleksanteri Kivimäki will have spent too much time in prison — and then be able to demand compensation from the state.
yle.fi
September 11, 2025 at 4:55 PM
Reposted by Sergiu Gatlan
The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but attackers made little profit off it.
Hackers left empty-handed after massive NPM supply-chain attack
www.bleepingcomputer.com
September 10, 2025 at 5:56 PM
Phishing email sent to NPM package maintainers:
September 8, 2025 at 5:12 PM
Reposted by Sergiu Gatlan
Orange Belgium, a subsidiary of telecommunications giant Orange Group, disclosed on Wednesday that attackers who breached its systems in July have stolen the data of approximately 850,000 customers.
Orange Belgium discloses data breach impacting 850,000 customers
www.bleepingcomputer.com
August 21, 2025 at 7:07 AM
Reposted by Sergiu Gatlan
UK-based telecommunications company Colt Technology Services is dealing with a cyberattack that has caused a multi-day outage of some of the company's operations, including hosting and porting services, Colt Online and Voice API platforms.
Colt Telecom attack claimed by WarLock ransomware, data up for sale
www.bleepingcomputer.com
August 15, 2025 at 3:25 PM
Reposted by Sergiu Gatlan
Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking.
New downgrade attack can bypass FIDO auth in Microsoft Entra ID
www.bleepingcomputer.com
August 13, 2025 at 7:14 PM
Reposted by Sergiu Gatlan
Some Hyundai IONIQ 5 models can be hacked to open the doors and start the car with a Game Boy-like device. Now, Hyundai is asking customers in the UK to pay £49 to fix this huge security flaw. Details here 👇 www.theverge.com/news/757205/...
Hyundai wants Ioniq 5 owners to pay to fix a keyless entry security hole
Thieves have been stealing cars with a Game Boy-like device
www.theverge.com
August 11, 2025 at 11:53 AM
Eighty cheat websites generate between $12.8 million and $73.2 million annually, according to academics at the University of Birmingham.

Up to 174,000 people may be buying cheats every month across North America and Europe.

www.wired.com/story/inside...

Research: github.com/SamCollins13...
Inside the Multimillion-Dollar Gray Market for Video Game Cheats
Gaming cheats are the bane of the video game industry—and a hot commodity. A recent study found that cheat creators are making a fortune from gamers looking to gain a quick edge.
www.wired.com
August 11, 2025 at 10:59 AM
Microsoft warns customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that can let attackers escalate privileges in Exchange Online cloud environments undetected.

www.bleepingcomputer.com/news/microso...
Microsoft warns of high-severity flaw in hybrid Exchange deployments
Microsoft has warned customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that could allow attackers to escalate their privileges in Exchange Online cloud environm...
www.bleepingcomputer.com
August 7, 2025 at 8:48 AM
Reposted by Sergiu Gatlan
Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers.
Air France and KLM disclose data breaches impacting customers
www.bleepingcomputer.com
August 7, 2025 at 8:41 AM
Reposted by Sergiu Gatlan
Google is the latest company to suffer a data breach in an ongoing wave of Salesforce CRM data theft attacks conducted by the ShinyHunters extortion group.
Google suffers data breach in ongoing Salesforce data theft attacks
www.bleepingcomputer.com
August 6, 2025 at 1:51 PM
Although not yet confirmed by Cisco, this is likely part of a wave of Salesforce data theft attacks linked to the ShinyHunters extortion group.

Other companies affected by Salesforce data breaches: Adidas, Qantas, Allianz Life, Chanel, and LVMH brands Louis Vuitton, Dior, and Tiffany & Co.
August 5, 2025 at 1:38 PM
Reposted by Sergiu Gatlan
Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide.
Ransomware gangs join attacks targeting Microsoft SharePoint servers
www.bleepingcomputer.com
August 4, 2025 at 11:27 AM