BleepingComputer.com

"Cloudflare now blocks all unencrypted traffic to its API end points."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 22 March 2025, 1613 UTC.

Content and Source:   https://www.bleepingcomputer.com/

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Latest Articles

• 
   
  Security

Cloudflare now blocks all unencrypted traffic to its API endpoints

• Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com.

  • Bill Toulas
   
  • March 22, 2025
   
  • 11:35 AM
   
  •  0
• 
   
  Security

Microsoft Trust Signing service abused to code-sign malware

• Cybercriminals are abusing Microsoft's Trusted Signing platform to code-sign malware executables with short-lived three-day certificates.

  • Lawrence Abrams
   
  • March 22, 2025
   
  • 10:30 AM
   
  •  0
• 
   

2024: A year of identity attacks | Get the new ebook 

• Identity attacks were rampant in 2024 as attackers doubled down on identity-based TTPs. Prepare to defend your organization in 2025 by looking back at identity-based breaches in 2024.

  Get a free Ebook on the most impactful identity breaches of 2024, and the attacker tooling and techniques that we can expect in 2025.

  • Sponsored by Push Security
• 
   
  Deals

Save an extra $40 on this Koofr 1TB lifetime cloud storage plan deal

• Koofr's lifetime cloud storage subscription lets you pay once, then never worry about recurring fees again. Through March 30, you can grab 1TB of cloud storage for $40 less than usual with code KOOFR at checkout. Normally $159.99, this code drops the price to $119.97.

  • BleepingComputer Deals
   
  • March 22, 2025
   
  • 08:12 AM
   
  •  0
• 
   
  Security

Coinbase was primary target of recent GitHub Actions breaches

• Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories.

  • Lawrence Abrams
   
  • March 21, 2025
   
  • 07:35 PM
   
  •  0
• 
   
  Security

Oracle denies breach after hacker claims theft of 6 million data records

• Oracle denies it was breached after a threat actor claimed to be selling 6 million data records allegedly stolen from the company's Oracle Cloud federated SSO login servers

  • Sergiu Gatlan
   
  • March 21, 2025
   
  • 04:43 PM
   
  •  1
• 
   
  Deals

Take this free-standing 15.6-inch portable monitor anywhere

• Second monitors aren't reserved for desktop users anymore. Laptop users can expand their workspace without compromising portability with a Fold Travel Monitor. This 15.6-inch FHD monitor has its own folding base that doubles as a screen protector in transit, and it's on sale for $149.99. 

  • BleepingComputer Deals
   
  • March 21, 2025
   
  • 02:05 PM
   
  •  0
• 
   
  Security, Google

Fake Semrush ads used to steal SEO professionals’ Google accounts

• A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials.

  • Bill Toulas
   
  • March 21, 2025
   
  • 01:16 PM
   
  •  0
• 
   
  Microsoft, Security

Microsoft: Exchange Online bug mistakenly quarantines user emails

• Microsoft is investigating an Exchange Online bug causing anti-spam systems to mistakenly quarantine some users' emails.

  • Sergiu Gatlan
   
  • March 21, 2025
   
  • 01:10 PM
   
  •  0
• 
   
  Security, CryptoCurrency

US removes sanctions against Tornado Cash crypto mixer

• The U.S. Department of Treasury announced today that it has removed sanctions against the Tornado Cash cryptocurrency mixer, which North Korean Lazarus hackers used to launder hundreds of millions stolen in multiple crypto heists.

  • Sergiu Gatlan
   
  • March 21, 2025
   
  • 11:34 AM
   
  •  1
• 
   
  Security, Gaming

Steam pulls game demo infecting Windows with info-stealing malware

• Valve has removed a game titled 'Sniper: Phantom's Resolution' from the Steam store following multiple user reports that indicated its demo installer actually infected their systems with information stealing malware.

  • Bill Toulas
   
  • March 21, 2025
   
  • 09:24 AM
   
  •  0
• 
   
  Deals

AdGuard wipes out ads, pop-ups, and trackers for life in this deal

• This powerful ad blocker works across phones, tablets, and computers, effectively erasing ads from every corner of your online experience. Unlike many apps that require recurring subscriptions, you can get an AdGuard lifetime subscription for nine devices for $15.97 with code FAMPLAN at checkout through March 30 (reg. $39.99).

  • BleepingComputer Deals
   
  • March 21, 2025
   
  • 07:09 AM
   
  •  0
• 
   
  Security

Veeam RCE bug lets domain users hack backup servers, patch now

• Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations.

  • Lawrence Abrams
   
  • March 20, 2025
   
  • 07:30 PM
   
  •  0
• 
   
  Security

CISA tags NAKIVO backup flaw as actively exploited in attacks

• CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO's Backup & Replication software.

  • Sergiu Gatlan
   
  • March 20, 2025
   
  • 05:13 PM
   
  •  0
• 
   
  Security

VSCode extensions found downloading early-stage ransomware

• Two malicious VSCode Marketplace extensions were found deploying in-development ransomware from a remote server, exposing critical gaps in Microsoft's review process.

  • Bill Toulas
   
  • March 20, 2025
   
  • 03:54 PM
   
  •  0
• 
   
  Security

Critical Cisco Smart Licensing Utility flaws now exploited in attacks

• Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account.

  • Sergiu Gatlan
   
  • March 20, 2025
   
  • 03:05 PM
   
  •  2
• 
   
  Deals

Last chance: Get 17 CompTIA training courses for under $50

• The Complete 2025 CompTIA Certification Training Super Bundle by IDUNOVA includes 17 prep courses across many disciplines, helping you prepare for virtually any IT career. Get lifetime access to every course for $49.99—breaking down to less than $3 each (reg. $493). This offer expires on March 31.

  • BleepingComputer Deals
   
  • March 20, 2025
   
  • 02:02 PM
   
  •  0
• 
   
  Security

RansomHub ransomware uses new Betruger ‘multi-function’ backdoor

• Security researchers have linked a new backdoor dubbed Betruger, deployed in several recent ransomware attacks, to an affiliate of the RansomHub operation.

  • Sergiu Gatlan
   
  • March 20, 2025
   
  • 12:31 PM
   
  •  0
• 
   
  Security, Legal

UK urges critical orgs to adopt quantum cryptography by 2035

• The UK's National Cyber Security Centre (NCSC) has published specific timelines on migrating to post-quantum cryptography (PQC), dictating that critical organizations should complete migration by 2035.

  • Bill Toulas
   
  • March 20, 2025
   
  • 12:23 PM
   
  •  0
• 
   
  Security

WordPress security plugin WP Ghost vulnerable to remote code execution bug

• Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers.

  • Bill Toulas
   
  • March 20, 2025
   
  • 10:58 AM
   
  •  1
• 
   
  Security

GitHub Action supply chain attack exposed secrets in 218 repos

• The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to the supply chain attack.

  • Bill Toulas
   
  • March 20, 2025
   
  • 10:34 AM
   
  •  1

• 1
 
• 2
 
• 3
 
• 4
 
• 5
 

View More