- German authorities identify REvil and GandCrab ransomware bosses
by Bill Toulas on April 6, 2026 at 11:54 pmThe Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. […]
- New GPUBreach attack enables system takeover via GPU rowhammerby Bill Toulas on April 6, 2026 at 9:44 pm
A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. […]
- Disgruntled researcher leaks “BlueHammer” Windows zero-day exploitby Bill Toulas on April 6, 2026 at 7:19 pm
Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. […]
- Microsoft fixes Classic Outlook bug causing email delivery issuesby Sergiu Gatlan on April 6, 2026 at 7:19 pm
Microsoft has resolved a known issue that was preventing some Classic Outlook users from sending emails via Outlook.com. […]
- Microsoft removes Support and Recovery Assistant from Windowsby Sergiu Gatlan on April 6, 2026 at 5:45 pm
Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10. […]
- Microsoft links Medusa ransomware affiliate to zero-day attacksby Sergiu Gatlan on April 6, 2026 at 4:56 pm
Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. […]
- Drift $280M crypto theft linked to 6-month in-person operationby Bill Toulas on April 6, 2026 at 4:35 pm
The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building “a functioning operational presence inside the Drift ecosystem.” […]
- CISA orders feds to patch exploited Fortinet EMS flaw by Fridayby Sergiu Gatlan on April 6, 2026 at 4:02 pm
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday. […]
- Why Simple Breach Monitoring is No Longer Enoughby Sponsored by Lunar on April 6, 2026 at 2:02 pm
Infostealers are harvesting credentials and session cookies at scale, bypassing traditional defenses. Lunar explains why simple breach monitoring alone can’t keep up with modern credential-based attacks. […]
- Traffic violation scams switch to QR codes in new phishing textsby Lawrence Abrams on April 5, 2026 at 7:44 pm
Scammers are sending fake “Notice of Default” traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. […]
- New FortiClient EMS flaw exploited in attacks, emergency patch releasedby Lawrence Abrams on April 5, 2026 at 6:45 pm
Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. […]
- Hackers exploit React2Shell in automated credential theft campaignby Bill Toulas on April 5, 2026 at 2:17 pm
Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. […]
- Axios npm hack used fake Teams error fix to hijack maintainer accountby Lawrence Abrams on April 4, 2026 at 8:30 pm
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean threat actors. […]
Bleeping Computer Cyber Security
We are an ethical website cyber security team and we perform security assessments to protect our clients.