Veeam warns of critical flaws exposing backup servers to RCE attacks Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities.

Veeam、バックアップサーバーをRCE攻撃にさらす重大な欠陥について警告

Veeam warns of critical flaws exposing backup servers to RCE attacks #BleepingComputer (Mar 12)

www.bleepingcomputer.com/news/securit...

Medtech giant Stryker offline after Iran-linked wiper malware attack Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group.

医療技術大手ストライカー、イラン関連のワイパーマルウェア攻撃でオフラインに

Medtech giant Stryker offline after Iran-linked wiper malware attack #BleepingComputer (Mar 11)

www.bleepingcomputer.com/news/securit...

New PhantomRaven NPM attack wave steals dev data via 88 packages New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.

PhantomRavenの新たなNPM攻撃の波が88個のパッケージを介して開発データを盗む

New PhantomRaven NPM attack wave steals dev data via 88 packages #BleepingComputer (Mar 11)

www.bleepingcomputer.com/news/securit...

Microsoft to enable Windows hotpatch security updates by default Microsoft will turn on hotpatch security updates by default for all eligible Windows devices managed through Microsoft Intune and the Microsoft Graph API, beginning with the May 2026 Windows security…

マイクロソフト、Windowsのホットパッチセキュリティアップデートをデフォルトで有効化へ

Microsoft to enable Windows hotpatch security updates by default #BleepingComputer (Mar 10)

www.bleepingcomputer.com/news/microso...

New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network A newly discovered botnet malware called KadNap is targeting ASUS routers and other edge networking devices to turn them into proxies for malicious traffic.

新たなKadNapボットネットがASUSルーターを乗っ取り、サイバー犯罪プロキシネットワークを活性化

New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network #BleepingComputer (Mar 10)

www.bleepingcomputer.com/news/securit...

New 'Zombie ZIP' technique lets malware slip past security tools A new technique dubbed "Zombie ZIP" helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR)…

新しい「ゾンビZIP」技術により、マルウェアがセキュリティツールをすり抜ける

New 'Zombie ZIP' technique lets malware slip past security tools #BleepingComputer (Mar 10)

www.bleepingcomputer.com/news/securit...

SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without…

Elementor AllyプラグインのSQLi欠陥が25万以上のWordPressサイトに影響

SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites #BleepingComputer (Mar 11)

www.bleepingcomputer.com/news/securit...

CISA orders feds to patch n8n RCE flaw exploited in attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability.

CISA、攻撃に悪用されたn8n RCEの脆弱性を修正するよう連邦政府に命令

CISA orders feds to patch n8n RCE flaw exploited in attacks #BleepingComputer (Mar 11)

www.bleepingcomputer.com/news/securit...

CISA: Recently patched Ivanti EPM flaw now actively exploited CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks.

CISA：最近修正されたIvanti EPMの脆弱性が現在積極的に悪用されている

CISA: Recently patched Ivanti EPM flaw now actively exploited #BleepingComputer (Mar 10)

www.bleepingcomputer.com/news/securit...

HPE warns of critical AOS-CX flaw allowing admin password resets Hewlett Packard Enterprise (HPE) has patched multiple security vulnerabilities in the Aruba Networking AOS-CX operating system, including several authentication and code execution issues.

HPE、管理者パスワードのリセットを可能にする重大なAOS-CXの欠陥について警告

HPE warns of critical AOS-CX flaw allowing admin password resets #BleepingComputer (Mar 10)

www.bleepingcomputer.com/news/securit...

ShinyHunters claims ongoing Salesforce Aura data theft attacks Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more data than intended. However, the ShinyHunters…

ShinyHuntersはSalesforce Auraのデータ盗難攻撃が継続中であると主張

ShinyHunters claims ongoing Salesforce Aura data theft attacks #BleepingComputer (Mar 9)

www.bleepingcomputer.com/news/securit...

Microsoft Teams will tag third-party bots trying to join meetings Microsoft says Teams will soon automatically tag third-party bots in lobbies, allowing organizers to control whether they can join meetings.

Microsoft Teamsは会議に参加しようとするサードパーティボットにタグを付ける

Microsoft Teams will tag third-party bots trying to join meetings #BleepingComputer (Mar 9)

www.bleepingcomputer.com/news/microso...

Microsoft Teams phishing targets employees with A0Backdoor malware Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called…

Microsoft TeamsフィッシングはA0Backdoorマルウェアを使って従業員を狙う

Microsoft Teams phishing targets employees with A0Backdoor malware #BleepingComputer (Mar 9)

www.bleepingcomputer.com/news/securit...

Google: Cloud attacks exploit flaws more than weak credentials Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.

Google: クラウド攻撃は脆弱な認証情報よりも欠陥を悪用する

Google: Cloud attacks exploit flaws more than weak credentials #BleepingComputer (Mar 9)

www.bleepingcomputer.com/news/securit...

Ericsson US discloses data breach after service provider hack Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to an undisclosed number of employees and customers after…

エリクソンUS、サービスプロバイダーへのハッキング後にデータ侵害を公表

Ericsson US discloses data breach after service provider hack #BleepingComputer (Mar 9)

www.bleepingcomputer.com/news/securit...

Microsoft 365 Backup to add file-level restore for faster recovery Microsoft will soon begin rolling out a significant upgrade to Microsoft 365 Backup to speed up recovery by allowing administrators to restore individual files and folders.

Microsoft 365 バックアップにファイルレベルの復元を追加して、より迅速な回復を実現

Microsoft 365 Backup to add file-level restore for faster recovery #BleepingComputer (Mar 6)

www.bleepingcomputer.com/news/microso...

Microsoft: Hackers abusing AI at every stage of cyberattacks Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale malicious activity, and lower technical barriers across all aspects of a…

マイクロソフト：ハッカーはサイバー攻撃のあらゆる段階でAIを悪用している

Microsoft: Hackers abusing AI at every stage of cyberattacks #BleepingComputer (Mar 7)

www.bleepingcomputer.com/news/securit...

EU court adviser says banks must immediately refund phishing victims Athanasios Rantos, the Advocate General of the Court of Justice of the EU (CJEU), has issued a formal opinion suggesting that banks must immediately refund account holders affected by unauthorized…

EUの裁判所顧問は、銀行はフィッシング詐欺の被害者に直ちに返金しなければならないと述べている

EU court adviser says banks must immediately refund phishing victims #BleepingComputer (Mar 8)

www.bleepingcomputer.com/news/legal/e...

Fake Claude Code install guides push infostealers in InstallFix attacks Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users into running malicious commands under the pretext of installing legitimate…

偽のClaude CodeインストールガイドがInstallFix攻撃でインフォスティーラーを仕込む

Fake Claude Code install guides push infostealers in InstallFix attacks #BleepingComputer (Mar 6)

www.bleepingcomputer.com/news/securit...

CISA warns feds to patch iOS flaws exploited in crypto-theft attacks CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit.

CISA、暗号窃盗攻撃に悪用されたiOSの欠陥を修正するよう連邦政府に警告

CISA warns feds to patch iOS flaws exploited in crypto-theft attacks #BleepingComputer (Mar 6)

www.bleepingcomputer.com/news/securit...

Hackers abuse .arpa DNS and ipv6 to evade phishing defenses Threat actors are abusing the special-use ".arpa" domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email security gateways.

ハッカーはフィッシング対策を回避するために.arpa DNSとIPv6を悪用している

Hackers abuse .arpa DNS and ipv6 to evade phishing defenses #BleepingComputer (Mar 8)

www.bleepingcomputer.com/news/securit...

Wikipedia hit by self-propagating JavaScript worm that vandalized pages The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.

Wikipediaが自己増殖型のJavaScriptワームに襲われ、ページが破壊される

Wikipedia hit by self-propagating JavaScript worm that vandalized pages #BleepingComputer (Mar 5)

www.bleepingcomputer.com/news/securit...

How a Brute Force Attack Unmasked a Ransomware Infrastructure Network A routine RDP brute-force alert led to unusual credential hunting and a geo-distributed VPN-linked infrastructure. Huntress Labs explains how one compromised login unraveled a suspected…

ブルートフォース攻撃でランサムウェアのインフラネットワークが明らかになる

How a Brute Force Attack Unmasked a Ransomware Infrastructure Network #BleepingComputer (Mar 4)

www.bleepingcomputer.com/news/securit...

FBI seizes LeakBase cybercrime forum, data of 142,000 members The FBI has seized the LeakBase cybercrime forum, a major online forum used by cybercriminals buy and sell hacking tools and stolen data.

FBIがLeakBaseサイバー犯罪フォーラムを押収、会員14万2000人のデータを入手

FBI seizes LeakBase cybercrime forum, data of 142,000 members #BleepingComputer (Mar 4)

www.bleepingcomputer.com/news/securit...

Hacker mass-mails HungerRush extortion emails to restaurant patrons Customers of restaurants using the HungerRush point-of-sale (POS) platform say they received emails from a threat actor attempting to extort the company, warning that restaurant and customer data…

ハッカーがレストランの客にハンガーラッシュの恐喝メールを大量送信

Hacker mass-mails HungerRush extortion emails to restaurant patrons #BleepingComputer (Mar 4)

www.bleepingcomputer.com/news/securit...

Cisco warns of max severity Secure FMC flaws giving root access Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software.

シスコ、ルートアクセスを許可するセキュアFMCの脆弱性について最大深刻度を警告

Cisco warns of max severity Secure FMC flaws giving root access #BleepingComputer (Mar 4)

www.bleepingcomputer.com/news/securit...

LexisNexis confirms data breach as hackers leak stolen files American data analytics company LexisNexis Legal & Professional has confirmed to BleepingComputer that hackers breached its servers and accessed some customer and business information.

レクシスネクシスはハッカーが盗んだファイルを漏洩し、データ侵害を確認した。

LexisNexis confirms data breach as hackers leak stolen files #BleepingComputer (Mar 3)

www.bleepingcomputer.com/news/securit...

Microsoft: Hackers abuse OAuth error flows to spread malware Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages.

マイクロソフト：ハッカーがOAuthエラーフローを悪用してマルウェアを拡散

Microsoft: Hackers abuse OAuth error flows to spread malware #BleepingComputer (Mar 3)

www.bleepingcomputer.com/news/securit...

How Deepfakes and Injection Attacks Are Breaking Identity Verification Deepfakes and injection attacks are targeting identity verification moments, from onboarding to account recovery. Incode explains why enterprises must validate the full session—media, device…

ディープフェイクとインジェクション攻撃がいかにして本人確認を破るのか

How Deepfakes and Injection Attacks Are Breaking Identity Verification #BleepingComputer (Mar 2)

www.bleepingcomputer.com/news/securit...

Fake Google Security site uses PWA app to steal credentials, MFA codes A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker…

偽の Google セキュリティ サイトが PWA アプリを使用して認証情報や MFA コードを盗む

Fake Google Security site uses PWA app to steal credentials, MFA codes #BleepingComputer (Mar 2)

www.bleepingcomputer.com/news/securit...