BleepingComputer.com

"Critical PHP RCE vulnerability mass exploited in new attacks."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 11 March 2025, 1503 UTC.

Content and Source:   https://www.bleepingcomputer.com/

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Latest Articles

• 
   
  Security

  Critical PHP RCE vulnerability mass exploited in new attacks

  Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation.

  • Sergiu Gatlan
   
  • March 11, 2025
   
  • 10:26 AM
   
  •  0
• 
   
  Security· Sponsored Content

  The AI race: Dark AI is in the lead, but good AI is catching up

  Cybercriminals are using AI for help in planning and conducting cyberattacks—but cybersecurity vendors are fighting back. Learn from Acronis Threat Research Unit about how AI-powered security solutions are closing the gap in the battle against AI-driven cyber threats.

  • Sponsored by Acronis
   
  • March 11, 2025
   
  • 10:05 AM
   
  •  0
• 
   

  2024: A year of identity attacks | Get the new ebook 

  Identity attacks were rampant in 2024 as attackers doubled down on identity-based TTPs. Prepare to defend your organization in 2025 by looking back at identity-based breaches in 2024.

  Get a free Ebook on the most impactful identity breaches of 2024, and the attacker tooling and techniques that we can expect in 2025.

  • Sponsored by Push Security
• 
   
  Security, Education

  PowerSchool previously hacked in August, months before data breach

  PowerSchool has published a long-awaited CrowdStrike investigation into its massive December 2024 data breach, which determined that the company was previously hacked over 4 months earlier, in August, and then again in September.

  • Bill Toulas
   
  • March 11, 2025
   
  • 09:42 AM
   
  •  0
• 
   
  Security

  CISA tags critical Ivanti EPM flaws as actively exploited in attacks

  CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances.

  • Sergiu Gatlan
   
  • March 11, 2025
   
  • 09:01 AM
   
  •  0
• 
   
  Deals

  Convert PDFs without the hassle of reformatting—this lifetime tool is 20% off

  PDF Converter Pro is an affordable solution for anyone who doesn't need tons of extra editing tools. And for a limited time, you can get a PDF Converter Pro lifetime license for Windows or Mac for just $23.99 (reg. $29.99) with code SAVE20 at checkout.

  • BleepingComputer Deals
   
  • March 11, 2025
   
  • 07:05 AM
   
  •  0
• 
   
  Security

  X hit by 'massive cyberattack' amid Dark Storm's DDoS claims

  The Dark Storm hacktivist group claims to be behind DDoS attacks causing multiple X worldwide outages on Monday, leading the company to enable DDoS protections from Cloudflare.

  • Lawrence Abrams
   
  • March 10, 2025
   
  • 04:07 PM
   
  •  6
• 
   
  Security

  US govt says Americans lost record $12.5 billion to fraud in 2024

  The U.S. Federal Trade Commission (FTC) said today that Americans lost a record $12.5 billion to fraud last year, a 25% increase over the previous year.

  • Sergiu Gatlan
   
  • March 10, 2025
   
  • 03:05 PM
   
  •  0
• 
   
  Microsoft, Software

  Microsoft shares guidance on upcoming Publisher deprecation

  Microsoft has published guidance for users of Microsoft Publisher as it will no longer be supported after October 2026 and removed from Microsoft 365.

  • Bill Toulas
   
  • March 10, 2025
   
  • 02:15 PM
   
  •  3
• 
   
  Security

  FTC will send $25.5 million to victims of tech support scams

  ​Later this week, the Federal Trade Commission (FTC) will start distributing over $25.5 million in refunds to those misled by tech support companies Restoro and Reimage's scare tactics.

  • Sergiu Gatlan
   
  • March 10, 2025
   
  • 12:58 PM
   
  •  1
• 
   
  Security, Legal

  Swiss critical sector faces new 24-hour cyberattack reporting rule

  Switzerland's National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery.

  • Bill Toulas
   
  • March 10, 2025
   
  • 11:47 AM
   
  •  0
• 
   
  Security

  Google paid $12 million in bug bounties last year to security researchers

  Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security bugs through the company's Vulnerability Reward Program (VRP) in 2024.

  • Sergiu Gatlan
   
  • March 10, 2025
   
  • 11:36 AM
   
  •  0
• 
   
  Security· Sponsored Content

  Quantum leap: Passwords in the new era of computing security

  Quantum computing threatens to break traditional encryption, putting sensitive data at risk. Learn more from Specops Software about the risks of quantum computing and how to prepare for them.

  • Sponsored by Specops Software
   
  • March 10, 2025
   
  • 10:02 AM
   
  •  0
• 
   
  Microsoft

  Microsoft lifts Windows 11 update block for some AutoCAD users

  Microsoft has removed a compatibility hold that prevented some AutoCAD users from installing the Windows 11 2024 Update due to launch and crash issues.

  • Sergiu Gatlan
   
  • March 10, 2025
   
  • 09:02 AM
   
  •  0
• 
   
  Deals

  Clear clutter from your Windows devices with this USB data shredder deal

  Securely and quickly clear out your PC with this data shredder USB stick, now available at the unbeatable price of $29.99 while supplies last. This price drop only lasts for a limited time.

  • BleepingComputer Deals
   
  • March 10, 2025
   
  • 07:19 AM
   
  •  0
• 
   
  Security

  US cities warn of wave of unpaid parking phishing texts

  US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city's parking violation departments about unpaid parking invoices, that if unpaid, will incur an additional $35 fine per day.

  • Lawrence Abrams
   
  • March 09, 2025
   
  • 11:20 AM
   
  •  1
• 
   
  Software

  New Chirp tool uses audio tones to transfer data between devices

  A new open-source tool named 'Chirp' transmits data, such as text messages, between computers (and smartphones) through different audio tones.

  • Bill Toulas
   
  • March 09, 2025
   
  • 10:14 AM
   
  •  3
• 
   
  Deals

  Study for your CISSP certifications in this $30 course bundle deal

  Becoming a Certified Information Systems Security Professional goes a long way toward showing your expertise in risk management, but the exams are difficult. If you want help preparing, study the CISSP Security and Risk Management Training Bundle while it's on sale for $29.97 (reg. $424). 

  • BleepingComputer Deals
   
  • March 09, 2025
   
  • 08:11 AM
   
  •  0
• 
   
  Security

  Developer guilty of using kill switch to sabotage employer's systems

  A software developer has been found guilty of sabotaging his ex-employer's systems by running custom malware and installing a "kill switch" after being demoted at the company.

  • Lawrence Abrams
   
  • March 08, 2025
   
  • 12:43 PM
   
  •  8
• 
   
  Security, Hardware

  Undocumented commands found in Bluetooth chip used by a billion devices

  The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for attacks.

  • Bill Toulas
   
  • March 08, 2025
   
  • 11:12 AM
   
  •  14
• 
   
  Security

  YouTubers extorted via copyright strikes to spread malware

  Cybercriminals are sending bogus copyright claims to YouTubers to coerce them into promoting malware and cryptocurrency miners on their videos.

  • Bill Toulas
   
  • March 08, 2025
   
  • 10:11 AM
   
  •  1

• 1
 
• 2
 
• 3
 
• 4
 
• 5
 

View More