Sergiu Gatlan
LightNews LightNews
banner
serghei.bsky.social
Sergiu Gatlan
@serghei.bsky.social
5.5K followers 870 following 88 posts
Cybersecurity/tech reporter @BleepingComputer / serghei.ro
Posts Replies Media Videos
Reposted by Sergiu Gatlan
bleepingcomputer.com
Food delivery platform Grubhub has confirmed a recent data breach after hackers accessed its systems, with sources telling BleepingComputer the company is now facing extortion demands.
Grubhub confirms hackers stole data in recent security breach
Food delivery platform Grubhub has confirmed a recent data breach after hackers accessed its systems, with sources telling BleepingComputer the company is now facing extortion demands.
www.bleepingcomputer.com
January 15, 2026 at 9:39 PM
Reposted by Sergiu Gatlan
gregotto.bsky.social
CISA’s secure-software buying tool had a simple XSS vulnerability of its own
cyberscoop.com/cisa-secure-...
CISA’s secure-software buying tool had a simple XSS vulnerability of its own
A Cybersecurity and Infrastructure Security Agency tool dedicated to helping government agencies buy secure software turned out to have a cybersecurity vulnerability of its own.
cyberscoop.com
January 15, 2026 at 10:49 PM
Reposted by Sergiu Gatlan
bleepingcomputer.com
A single click on what may appear to be a Telegram username or harmless link is all it takes to expose your real IP address to attackers due to how proxy links are handled. Telegram says it will add warnings to proxy links after researchers demonstrated that such one-click interactions could rev ...
Hidden Telegram proxy links can reveal your IP address in one click
A single click on what may appear to be a Telegram username or harmless link is all it takes to expose your real IP address to attackers due to how proxy links are handled. Telegram says it will add warnings to proxy links after researchers demonstrated that such one-click interactions could rev ...
www.bleepingcomputer.com
January 12, 2026 at 4:21 PM
serghei.bsky.social
The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network.

www.bleepingcomputer.com/news/securit...
European Space Agency confirms breach of "external servers"
The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network, which contained what it described as "unclassified" information on collaborative engin...
www.bleepingcomputer.com
December 30, 2025 at 4:37 PM
Reposted by Sergiu Gatlan
bleepingcomputer.com
Two former employees of cybersecurity incident response companies Sygnia and DigitalMint have pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023.
US cybersecurity experts plead guilty to BlackCat ransomware attacks
Two former employees of cybersecurity incident response companies Sygnia and DigitalMint have pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023.
www.bleepingcomputer.com
December 30, 2025 at 3:25 PM
Reposted by Sergiu Gatlan
bleepingcomputer.com
Romanian Waters (Administrația Națională Apele Române), the country's water management authority, was hit by a ransomware attack over the weekend.
Romanian water authority hit by ransomware attack over weekend
Romanian Waters (Administrația Națională Apele Române), the country's water management authority, was hit by a ransomware attack over the weekend.
www.bleepingcomputer.com
December 22, 2025 at 3:26 PM
Reposted by Sergiu Gatlan
bleepingcomputer.com
Danish intelligence officials blamed Russia for orchestrating cyberattacks against Denmark's critical infrastructure, as part of Moscow's hybrid attacks against Western nations.
Denmark blames Russia for destructive cyberattack on water utility
Danish intelligence officials blamed Russia for orchestrating cyberattacks against Denmark's critical infrastructure, as part of Moscow's hybrid attacks against Western nations.
www.bleepingcomputer.com
December 19, 2025 at 12:29 PM
Reposted by Sergiu Gatlan
bleepingcomputer.com
The Clop ransomware gang is targeting Internet-exposed Gladinet CentreStack file servers in a new data theft extortion campaign.
Clop ransomware targets Gladinet CentreStack servers for extortion
The Clop ransomware gang is targeting Internet-exposed Gladinet CentreStack file servers in a new data theft extortion campaign.
www.bleepingcomputer.com
December 18, 2025 at 8:17 PM
Reposted by Sergiu Gatlan
bleepingcomputer.com
​Cisco warned of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances.
Cisco warns of unpatched AsyncOS zero-day exploited in attacks
​Cisco warned of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances.
www.bleepingcomputer.com
December 17, 2025 at 6:45 PM
Reposted by Sergiu Gatlan
bleepingcomputer.com
The Texas Attorney General sued five major television manufacturers, accusing them of illegally collecting their users' data by secretly recording what they watch using Automated Content Recognition (ACR) technology.
Texas sues TV makers for taking screenshots of what people watch
The Texas Attorney General sued five major television manufacturers, accusing them of illegally collecting their users' data by secretly recording what they watch using Automated Content Recognition (ACR) technology.
www.bleepingcomputer.com
December 16, 2025 at 5:29 PM
Reposted by Sergiu Gatlan
bleepingcomputer.com
The French Interior Minister confirmed on Friday that the country's Ministry of the Interior was breached in a cyberattack that compromised e-mail servers.
French Interior Ministry confirms cyberattack on email servers
The French Interior Minister confirmed on Friday that the country's Ministry of the Interior was breached in a cyberattack that compromised e-mail servers.
www.bleepingcomputer.com
December 15, 2025 at 11:06 AM
Reposted by Sergiu Gatlan
bleepingcomputer.com
The UK Information Commissioner's Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures that allowed an attacker to steal personal information and encrypted password vaults belonging to up to 1.6 million UK users in a 2022 breach.
UK fines LastPass over 2022 data breach impacting 1.6 million users
The UK Information Commissioner's Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures that allowed an attacker to steal personal information and encrypted password vaults belonging to up to 1.6 million UK users in a 2022 breach.
www.bleepingcomputer.com
December 11, 2025 at 5:09 PM
Reposted by Sergiu Gatlan
bleepingcomputer.com
An unpatched zero-day vulnerability (CVE-2025-8110) in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers.
Hackers exploit unpatched Gogs zero-day to breach 700 servers
An unpatched zero-day vulnerability (CVE-2025-8110) in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers.
www.bleepingcomputer.com
December 11, 2025 at 1:20 PM
serghei.bsky.social
"New record-breaking Arc Raiders DDoS attack reaches 100,000 free backpack requests / second."
tomwarren.co.uk Tom Warren @tomwarren.co.uk · Dec 11
so many people are trying to redeem a free Arc Raiders backpack in the Nvidia app that the redeem section of the app is failing to load 🙃
December 11, 2025 at 2:41 PM
Reposted by Sergiu Gatlan
chrisbing.bsky.social
An article that perhaps got lost in the shuffle - on record interviews with senior Dutch intelligence officials where they lament the firing of fmr NSA director Tim Haugh and reveal they are being more careful sharing intel with US partners volkskrant.nl/binnenland/n...
December 9, 2025 at 5:04 PM
Reposted by Sergiu Gatlan
bleepingcomputer.com
Russian telecom watchdog Roskomnadzor has blocked access to Apple's FaceTime video conferencing platform and the Snapchat instant messaging service, claiming they're being used to coordinate terrorist attacks.
Russia blocks FaceTime and Snapchat over use in terrorist attacks
Russian telecom watchdog Roskomnadzor has blocked access to Apple's FaceTime video conferencing platform and the Snapchat instant messaging service, claiming they're being used to coordinate terrorist attacks.
www.bleepingcomputer.com
December 4, 2025 at 7:12 PM
Reposted by Sergiu Gatlan
bleepingcomputer.com
Financial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions across the US.
Marquis data breach impacts over 74 US banks, credit unions
Financial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions across the US.
www.bleepingcomputer.com
December 3, 2025 at 10:06 PM
serghei.bsky.social
Microsoft has silently "mitigated" a high-severity Windows LNK vulnerability (CVE-2025-9491) that multiple state-backed and cybercrime hacking groups have exploited in zero-day attacks.

www.bleepingcomputer.com/news/microso...
The logo of the Windows operating system on an abstract background with red and white rays.
December 3, 2025 at 5:42 PM
serghei.bsky.social
Law enforcement officers from Switzerland and Germany have taken down the Cryptomixer cryptocurrency-mixing service, believed to have helped cybercriminals launder stolen funds.

www.bleepingcomputer.com/news/securit...
cryptomixer.io seizure banner.
December 1, 2025 at 9:12 AM
Reposted by Sergiu Gatlan
bleepingcomputer.com
Risk management company Crisis24 has confirmed its OnSolve CodeRED platform suffered a cyberattack that disrupted emergency notification systems used by state and local governments, police departments, and fire agencies across the United States.
OnSolve CodeRED cyberattack disrupts emergency alert systems nationwide
Risk management company Crisis24 has confirmed its OnSolve CodeRED platform suffered a cyberattack that disrupted emergency notification systems used by state and local governments, police departments, and fire agencies across the United States.
www.bleepingcomputer.com
November 25, 2025 at 9:48 PM
serghei.bsky.social
​Dartmouth College confirms data breach after the Clop extortion gang leaks stolen documents on its dark web leak site.

www.bleepingcomputer.com/news/securit...
Dartmouth College confirms data breach after Clop extortion attack
​Dartmouth College has disclosed a data breach after the Clop extortion gang leaked data allegedly stolen from the school's Oracle E-Business Suite servers on its dark web leak site.
www.bleepingcomputer.com
November 25, 2025 at 11:29 AM
Reposted by Sergiu Gatlan
bleepingcomputer.com
CrowdStrike says it caught an insider sharing screenshots taken on internal systems with unnamed threat actors.
CrowdStrike catches insider feeding information to hackers
CrowdStrike says it caught an insider sharing screenshots taken on internal systems with unnamed threat actors.
www.bleepingcomputer.com
November 21, 2025 at 4:48 PM
Reposted by Sergiu Gatlan
bleepingcomputer.com
Cloudflare is investigating an outage affecting its global network services, with users encountering "internal server error" messages when attempting to access affected websites and online platforms.
Cloudflare hit by outage affecting global network services
Cloudflare is investigating an outage affecting its global network services, with users encountering "internal server error" messages when attempting to access affected websites and online platforms.
www.bleepingcomputer.com
November 18, 2025 at 12:25 PM
serghei.bsky.social
Just as expected, Anthropic confirmed that the TAs essentially hand-held Claude throughout the AI-automated cyberattack, while doing most of the work 🤡
gregotto.bsky.social Greg Otto @gregotto.bsky.social · Nov 14
NEW: @derekbjohnson.bsky.social spoke with @anthropic.com's threat intel team about Thursday's report. Lots in there, but one key takeaway: Despite being labeled as 'autonomous,' there was a tremendous amount of human effort needed to pull off the attacks. cyberscoop.com/anthropic-ai...
However, Klein also made it clear that “most autonomous” is a relative term. There is plenty of evidence to indicate this hacking group devoted significant human and technical resources into the way it used Claude. Namely, the automation detailed in Anthropic’s report performed by Claude was made possible through a frontend framework designed to orchestrate and support its operations. The framework handled tasks such as scripting, provisioning related servers, and significant backend development to ensure every step was followed correctly. Klein noted this development process was the most difficult — and, importantly, human-led — step in the operation. “The first part that is not autonomous is building the framework, so you needed a human being to put this all together,” Klein said. “You had a human operator that would put in a target, they would click a button and then use this framework that was created [ahead of time]. The hardest part of this entire system was building this framework, that’s what was human intensive.”
November 15, 2025 at 8:02 AM
Reposted by Sergiu Gatlan
bleepingcomputer.com
Fortinet has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now being widely exploited.
Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks
Fortinet has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now being widely exploited.
www.bleepingcomputer.com
November 14, 2025 at 5:00 PM