Intelligence Feed

Latest threat intelligence articles from trusted security sources, auto-processed to extract entities, IoCs, and TTPs.

Filtered by source: bleeping-computer

Flipper Zero firmware development continues with community help

3h ago · bleeping-computer

Flipper Devices has announced a shift in its firmware development strategy for the Flipper Zero, transitioning to a community-driven model with a reduced internal team. While official firmware maintenance will continue, full-time feature development has ended, and future updates will depend on community contributions reviewed by the core team. The company aims to focus on new hardware like the Flipper One and Busy Bar, while leveraging community input to sustain the Flipper Zero platform. This change follows user backlash over perceived abandonment of firmware development.

CISA: Microsoft SharePoint RCE flaw now actively exploited

3d ago · bleeping-computer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a high-severity remote code execution vulnerability in Microsoft SharePoint, tracked as CVE-2026-45659, is now under active exploitation. The flaw allows authenticated attackers with low privileges to execute arbitrary code remotely on unpatched SharePoint servers without user interaction. Microsoft addressed the vulnerability in May 2026 updates, but over 10,000 exposed servers remain at risk. CISA has added the flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by a strict deadline.

Cisco finally confirms attackers exploiting Unified CM flaw

3d ago · bleeping-computer

Cisco has confirmed active exploitation of a critical vulnerability (CVE-2026-20230) in its Unified Communications Manager (Unified CM) software. The flaw allows unauthenticated attackers to perform server-side request forgery (SSRF) attacks via crafted HTTP requests. Cisco urges customers to apply patches immediately or disable the vulnerable WebDialer service as a mitigation. The vulnerability follows a trend of repeated security issues in Cisco Unified CM devices.

Microsoft fixes bug that removed Copilot buttons in Outlook

3d ago · bleeping-computer

Microsoft resolved a bug that caused Copilot buttons to disappear in Classic Outlook for Windows users with the Copilot Chat (Basic) license. The issue was fixed via a service update on June 29, 2026, and users are advised to restart Outlook or update to the latest build. Microsoft is also investigating Outlook crashes linked to Kaspersky Antivirus's Kaspersky Mail Checker (mcou.dll).

ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds

3d ago · bleeping-computer

ConsentFix and ClickFix are social engineering attacks that hijack Microsoft 365 accounts by exploiting user trust in routine workflows. ClickFix tricks users into executing malicious commands via fake verification prompts, while ConsentFix abuses OAuth consent flows by luring victims into dragging a localhost callback link, surrendering OAuth tokens. These attacks bypass traditional security measures by mimicking legitimate processes, requiring no malware or credential theft. Attackers leverage publicly shared blueprints and common platforms like Dropbox to distribute lures.

Google loses final appeal to overturn €4.1 billion EU fine

3d ago · bleeping-computer

The article discusses the European Union's antitrust case against Google, culminating in a final ruling by the Court of Justice of the European Union (CJEU) dismissing Google's appeal against a €4.1 billion fine. The case centers on Google's historical use of Android licensing agreements to promote its Chrome browser and search services, which was deemed anti-competitive. There is no mention of cyber threat activity, malware, or malicious infrastructure in the article.

Claude Fable relaunch disappoints users with nerfed performance

2d ago · bleeping-computer

The relaunch of Claude Fable, Anthropic's powerful AI model, has disappointed users due to degraded performance and increased restrictions. Despite being available to all users, the model is heavily capped and frequently falls back to the less capable Opus 4.8 due to strict safety guardrails. Users report that prompts involving security-related terms or systems programming trigger fallbacks, impacting usability. Anthropic attributes this behavior to an expanded safety margin rather than intentional model degradation.

Claude Fable 5 isn’t permanently leaving subscriptions, Anthropic says

2d ago · bleeping-computer

Anthropic has temporarily removed access to its powerful Claude Fable 5 model from subscription plans after July 7, shifting usage to a credit-based system due to unexpectedly high demand and capacity constraints. The company clarifies this is not a permanent change and intends to reintegrate Fable 5 into subscription plans once sufficient infrastructure capacity is available. Fable 5 remains fully accessible via the Claude API and consumption-based Enterprise plans. Users are advised that the model may return to subscriptions in the future as capacity allows.

ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit

2d ago · bleeping-computer

ARToken, a phishing-as-a-service (PhaaS) platform, is linked to the EvilTokens Microsoft 365 phishing toolkit, enabling attackers to steal authentication tokens and bypass multi-factor authentication via device code phishing. The platform provides affiliates with persistent access through Primary Refresh Tokens (PRTs) and supports automated business email compromise (BEC) operations using AI. It allows for mailbox monitoring, file exfiltration from SharePoint and OneDrive, and deployment via Cloudflare Workers, indicating a sophisticated, multi-tenant attack infrastructure.

2 IoCs

NetNut proxy network disrupted, 2 million infected devices cut off

2d ago · bleeping-computer

A joint operation led by Google and the FBI disrupted the NetNut residential proxy network, which leveraged at least 2 million compromised Android devices, including smart TVs and streaming boxes, to provide anonymized internet access for cybercriminals and espionage groups. The botnet, powered by trojanized applications like Badbox 2.0, enabled malicious actors to conceal their traffic using victims' residential IP addresses. The disruption involved seizing infrastructure, disabling C2 accounts on Google's platforms, and warning users via Play Protect, significantly impacting the broader proxy services ecosystem.

1 IoC