The Main Intelligence Directorate (GUR) of Ukraine’s Ministry of Defense claims that it breached the servers of the Russian Ministry of Defense (Minoborony) and stole sensitive documents. A press release published today on an official Ukrainian government domain describes the attack as a “special operation” carried out by GUR’s cyber-specialists. As a result of the

BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, Reuters, The Guardian, and Washington Post, among others. These “news” websites, which we were able to trace to their proprietor in India, repost articles from credible media and research organizations without attribution. Beyond

Starting next month, Microsoft nag screens pushing Windows 11 will also show up on non-managed enterprise devices running Windows 10 Pro and Pro Workstation. “Upgrade for free to the latest Windows 11. You can go to your desktop now and use your PC without interruptions while the upgrade downloads in the background (it’s about 4 GB),”

Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks. The threat actors behind GTPDOOR are believed to target systems adjacent to the GPRS roaming eXchange (GRX), such as SGSN, GGSN, and P-GW, which can provide the attackers direct access to a telecom’s core network. The GRX is

Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day. Tracked as CVE-2024-21338, the security flaw was found by Avast Senior Malware Researcher Jan Vojtěšek in the appid.sys Windows AppLocker driver and reported to Microsoft last August as an actively exploited

A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals. The same campaign also targets users and employees of cryptocurrency platforms, such as Binance, Coinbase, Kraken, and Gemini, using phishing pages that impersonate Okta,

BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, Reuters, The Guardian, and Washington Post, among others. These “news” websites, which we were able to trace to their proprietor in India, repost articles from credible media and research organizations without attribution. Beyond

GitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets such as access tokens and API keys when pushing new code. Today’s announcement comes after the company introduced push protection in beta almost two years ago, in April 2022, as an easy way to prevent sensitive information leaks

Microsoft has released the optional KB5034848 Preview cumulative update for Windows 11 23H2 and 22H2, which brings new features, including USB 80Gbps and nineteen other changes and fixes. The KB5034848 cumulative update preview is part of Microsoft’s “optional non-security preview updates” schedule, released on the fourth week of every month. This update allows Windows admins