Bill Toulas

Cyprus, Nicosia

Infosec News Writer at Bleeping Computer

Infosec news @BleepinComputer

Featured in: Favicon

bleepingcomputer.com Favicon

flipboard.com Favicon

newsbreak.com Favicon

acs.org.au Favicon

industrytap.com Favicon

technadu.com Favicon

codeproject.com Favicon

ourcommunitynow.com Favicon

ia.acs.org.au

Articles

Hacker targets other hackers and gamers with backdoored GitHub code

3 days ago | bleepingcomputer.com | Bill Toulas

A hacker targets other hackers, gamers, and researchers with exploits, bots, and game cheats in source code hosted on GitHub that contain hidden backdoors to give the threat actor remote access to infected devices. This campaign was discovered by Sophos researchers, whom a client contacted to estimate the danger of a remote access trojan called Sakura RAT, which is freely available on GitHub.
Hewlett Packard Enterprise warns of critical StoreOnce auth bypass

4 days ago | bleepingcomputer.com | Bill Toulas

Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution. Among the flaws fixed this time is a critical severity (CVSS v3.1 score: 9.8) authentication bypass vulnerability tracked under CVE-2025-37093, three remote code execution bugs, two directory traversal problems, and a server-side request forgery issue.
Coinbase breach tied to bribed TaskUs support agents in India

4 days ago | bleepingcomputer.com | Bill Toulas

A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm TaskUs, who threat actors bribed to steal data from the crypto exchange. According to Reuters, who spoke to numerous TaskUs employees, the data breach was first discovered in January after a TaskUs employee was caught capturing photos of her computer screen using a personal device.
The North Face warns customers of April credential stuffing attack

4 days ago | threatbeat.com | Bill Toulas

By Bill Toulas • Jun 03, 2025 Outdoor apparel retailer The North Face is warning customers that their personal information was stolen in credential stuffing attacks targeting the company’s website in April. The North Face is a major American outdoor apparel and equipment brand owned by VF Corporation that also controls Vans, Timberland, and Dickies.
Malicious RubyGems pose as Fastlane to steal Telegram API data

4 days ago | bleepingcomputer.com | Bill Toulas

Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data. RubyGems is the official package manager for the Ruby programming language, used for distributing, installing, and managing Ruby libraries (gems), similar to npm for JavaScript and PyPI for Python.
Android malware Crocodilus adds fake contacts to spoof trusted callers

4 days ago | bleepingcomputer.com | Bill Toulas

The latest version of the 'Crocodilus' Android malware has introduced a new mechanism that adds a fake contact to an infected device's contact list to deceive victims when they receive calls from the threat actors. This feature was introduced along with several others, mostly evasion-focused improvements, as the malware appears to have expanded its targeting scope worldwide.
The North Face warns customers of April credential stuffing attack

5 days ago | bleepingcomputer.com | Bill Toulas

Outdoor apparel retailer The North Face is warning customers that their personal information was stolen in credential stuffing attacks targeting the company's website in April. The North Face is a major American outdoor apparel and equipment brand owned by VF Corporation that also controls Vans, Timberland, and Dickies.
Google Chrome to distrust Chunghwa Telecom, Netlock certificates in August

5 days ago | bleepingcomputer.com | Bill Toulas

Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. The change will come in Google Chrome version 139, which is scheduled for release on August 1, 2025. The tech giant cites ongoing compliance failures, broken improvement commitments, and lack of measurable progress as the reasons for this action.
‘Russian Market’ emerges as a go-to shop for stolen credentials

5 days ago | bleepingcomputer.com | Bill Toulas

The "Russian Market" cybercrime marketplace has emerged as one of the most popular platforms for buying and selling credentials stolen by information stealer malware. Although the marketplace has been active for roughly six years and became relatively popular by 2022, ReliaQuest reports that the Russian Market has recently reached new heights. Part of this surge in popularity is due to the takedown of the Genesis Market, which created a large vacuum in the field.
Exploit details for max severity Cisco IOS XE flaw now public

1 week ago | bleepingcomputer.com | Bill Toulas

Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. The write-up by Horizon3 researchers does not contain a 'ready-to-run' proof of concept RCE exploit script, but it does provide enough information for a skilled attacker or even an LLM to fill in the missing pieces.