BleepingComputer.com

Note:  I'll be off-island from 08 May 2025 to 10 May 2025.  Full coverage resumes on Saturday afternoon, 10 May 2025.

Today's cybersecurity headline:  "Google links new LostKeys data theft malware to Russian cyber spies."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 08 May 2025, 1400 UTC.

Content and Source:  "BleepingComputer.com"

Site URL-- https://www.bleepingcomputer.com/

Please check URL or scroll down to read your selections.  Thanks for joining us today..

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

            Latest Articles

• 
   
  Security

  Google links new LostKeys data theft malware to Russian cyberspies

  Since the start of the year, the Russian state-backed ColdRiver hacking group has been using new LostKeys malware to steal files in espionage attacks targeting Western governments, journalists, think tanks, and non-governmental organizations.

  • Sergiu Gatlan
   
  • May 08, 2025
   
  • 09:39 AM
   
  •  0
• 
   
  Security

  SonicWall urges admins to patch VPN flaw exploited in attacks

  SonicWall has urged its customers to patch three security vulnerabilities affecting its Secure Mobile Access (SMA) appliances, one of them tagged as exploited in attacks

  • Sergiu Gatlan
   
  • May 08, 2025
   
  • 07:19 AM
   
  •  0
• 
   

  2024: A year of identity attacks | Get the new ebook 

  Identity attacks were rampant in 2024 as attackers doubled down on identity-based TTPs. Prepare to defend your organization in 2025 by looking back at identity-based breaches in 2024.

  Get a free Ebook on the most impactful identity breaches of 2024, and the attacker tooling and techniques that we can expect in 2025.

  • Push Security Sponsorship
• 
   
  Deals

  This HD portable monitor is only $50 in this deal

  Now, laptop users can add a second screen to their setup with a little help from the AOC Portable LED Monitor. This plug-and-play monitor has a wide 15.6-inch screen, and it even stands on its own. It's also on sale for only $49.99 (reg. $124.99).

  • BleepingComputer Deals
   
  • May 08, 2025
   
  • 07:11 AM
   
  •  0
• 
   
  Security

  LockBit ransomware gang hacked, victim negotiations exposed

  The LockBit ransomware gang has suffered a data breach after its dark web affiliate panels were defaced and replaced with a message linking to a MySQL database dump.

  • Lawrence Abrams
   
  • May 07, 2025
   
  • 08:06 PM
   
  •  0
• 
   
  Security

  PowerSchool hacker now extorting individual school districts

  PowerSchool is warning that the hacker behind its December cyberattack is now individually extorting schools, threatening to release the previously stolen student and teacher data if a ransom is not paid.

  • Lawrence Abrams
   
  • May 07, 2025
   
  • 02:25 PM
   
  •  0
• 
   
  Deals

  Digital skills that actually pay off—16 cybersecurity courses for $50

  And the 2025 All-In-One Cybersecurity Bundle is your fast track to getting started in cybersecurity, now just $49.99 (down from $320).

  • BleepingComputer Deals
   
  • May 07, 2025
   
  • 02:07 PM
   
  •  0
• 
   
  Security

  CoGUI phishing platform sent 580 million emails to steal credentials

  A new phishing kit named 'CoGUI' sent over 580 million emails to targets between January and April 2025, aiming to steal account credentials and payment data.

  • Bill Toulas
   
  • May 07, 2025
   
  • 02:02 PM
   
  •  0
• 
   
  Security

  Hackers exploit OttoKit WordPress plugin flaw to add admin accounts

  Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites.

  • Bill Toulas
   
  • May 07, 2025
   
  • 11:37 AM
   
  •  0
• 
   
  Security, Microsoft

  Play ransomware exploited Windows logging flaw in zero-day attacks

  The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems.

  • Sergiu Gatlan
   
  • May 07, 2025
   
  • 10:45 AM
   
  •  0
• 
   
  Legal

  NSO Group fined $167M for spyware attacks on 1,400 WhatsApp users

  A U.S. federal jury has ordered Israeli spyware vendor NSO Group to pay WhatsApp $167,254,000 in punitive damages and $444,719 in compensatory damages for a 2019 campaign that targeted 1,400 users of the communication app.

  • Bill Toulas
   
  • May 07, 2025
   
  • 10:09 AM
   
  •  0
• 
   
  Security

  Doubling down: How Universal 2nd Factor (U2F) boosts online security

  Passwords alone aren't cutting it—31% of breaches involve stolen credentials. Learn from Specops Software about how Universal 2nd Factor (U2F) and strong password policies can work together to keep your organization secure.

  • Specops Software
   
  • May 07, 2025
   
  • 10:02 AM
   
  •  0
• 
   
  Security, Healthcare

  Medical device maker Masimo warns of cyberattack, manufacturing delays

  Medical device company Masimo Corporation warns that a cyberattack is impacting production operations and causing delays in fulfilling customers' orders.

  • Bill Toulas
   
  • May 07, 2025
   
  • 09:39 AM
   
  •  0
• 
   
  Security

  CISA warns of hackers targeting critical oil infrastructure

  CISA warned critical infrastructure organizations of "unsophisticated" threat actors actively targeting the U.S. oil and natural gas sectors.

  • Sergiu Gatlan
   
  • May 07, 2025
   
  • 09:17 AM
   
  •  0
• 
   
  Security

  Police takes down six DDoS-for-hire services, arrests admins

  ​Polish authorities have detained four suspects linked to six DDoS-for-hire platforms, believed to have facilitated thousands of attacks targeting schools, government services, businesses, and gaming platforms worldwide since 2022.

  • Sergiu Gatlan
   
  • May 07, 2025
   
  • 07:23 AM
   
  •  0
• 
   
  Deals

  Block ads forever with a AdGuard lifetime access, now just $16

  Right now, you can grab lifetime access to the AdGuard Family Plan for just $15.97 (reg. $169) when you use code FAMPLAN at checkout. That's a one-time payment to block every kind of ad—forever—on up to nine of your devices.

  • BleepingComputer Deals
   
  • May 07, 2025
   
  • 07:12 AM
   
  •  0
• 
   
  Microsoft

  Microsoft: April updates cause Windows Server auth issues

  Microsoft says the April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers.

  • Sergiu Gatlan
   
  • May 07, 2025
   
  • 05:55 AM
   
  •  0
• 
   
  Security

  Apache Parquet exploit tool detect servers vulnerable to critical flaw

  A proof-of-concept exploit tool has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers.

  • Bill Toulas
   
  • May 06, 2025
   
  • 02:16 PM
   
  •  0
• 
   
  Deals

  This Duolingo alternative offers lifetime access for only $35

  Like Duolingo, Qlango makes learning feel like a game with points, progress tracking, and customizable study modes. But unlike Duolingo, it doesn't lean on generative AI responses or subscription fatigue. You pay once for lifetime access (currently just $34.97, down from $119.99), and you're in.

  • BleepingComputer Deals
   
  • May 06, 2025
   
  • 02:11 PM
   
  •  0
• 
   
  Security

  Samsung MagicINFO 9 Server RCE flaw now exploited in attacks

  Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware.

  • Bill Toulas
   
  • May 06, 2025
   
  • 01:10 PM
   
  •  0
• 
   
  Security

  UK Legal Aid Agency investigates cybersecurity incident

  The Legal Aid Agency (LAA), an executive agency of the UK's Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have accessed financial information.

  • Sergiu Gatlan
   
  • May 06, 2025
   
  • 12:20 PM
   
  •  0

• 1
 
• 2
 
• 3
 
• 4
 
• 5
 

View More