BU-CERT – Bournemouth University Computer Emergency Response Team

Notepad++ Vulnerability Let Attacker Gain Complete System Control – PoC Released

Posted on 25 June 2025

From cybersecuritynews.com

A severe privilege escalation vulnerability has been discovered in Notepad++ version 8.8.1, potentially exposing millions of users worldwide to complete system compromise.

The flaw, designated CVE-2025-49144, allows attackers to gain SYSTEM-level privileges through a technique known as binary planting, with a proof-of-concept demonstration now publicly available.

The vulnerability affects the Notepad++ v8.8.1 installer released on May 5, 2025, exploiting an uncontrolled executable search path that enables local privilege escalation attacks.

India-based car-sharing company Zoomcar suffered a data breach impacting 8.4M users

Posted on 17 June 2025

From securityaffairs.com

Zoomcar is an India-based car-sharing and self-drive car rental company. Zoomcar discovered a data breach impacting 8.4M users after threat actors contacted the internal personnel claiming the compromise of internal systems.

The company is investigating the security breach and has determined that the exposed information included names, contacts, and addresses. No financial data or passwords were compromised.

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Posted on 14 June 2025

From TheHackerNews.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider.

“This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp RMM since January 2025,” the agency said in an advisory.

Over 4 billion user records leaked in “largest breach ever” – here’s what you need to know

Posted on 10 June 2025

From techradar.com

A huge dataset has been discovered unsecured online by researchers
This contained roughly 4 billion records – including personal information
The data could potentially be part of a surveillance effort targeting Chinese citizens

Fake IT support calls hit 20 orgs, end in stolen Salesforce data and extortion, Google warns

Posted on 4 June 2025

Victims include hospitality, retail and education sectors

From theRegister.com

A group of financially motivated cyberscammers who specialize in Scattered-Spider-like fake IT support phone calls managed to trick employees at about 20 organizations into installing a modified version of Salesforce’s Data Loader that allows the crims to steal sensitive data.

Google Threat Intelligence Group (GTIG) tracks this crew as UNC6040, and in research published today said they specialize in voice-phishing campaigns targeting Salesforce instances for large-scale data theft and extortion.

World’s first CPU-level ransomware can “bypass every freaking traditional technology we have out there” — new firmware-based attacks could usher in new era of unavoidable ransomware

Posted on 28 May 2025

From tomshardware.com

A cybersecurity expert has created a proof of concept for CPU ransomware.

Rapid7’s Chrstiaan Beek has written proof-of-concept code for ransomware that can attack your CPU, and warns of future threats that could lock your drive until a ransom is paid. This attack would circumvent most traditional forms of ransomware detection.

In an interview with The Register, Beek, who is Rapid7’s senior director of threat analytics, revealed that an AMD Zen chip bug gave him the idea that a highly skilled attacker could in theory “allow those intruders to load unapproved microcode into the processors, breaking encryption at the hardware level and modifying CPU behavior at will.”

Don’t click on that Facebook ad for a text-to-AI-video tool

Posted on 28 May 2025

from theregister.com

A group of miscreants tracked as UNC6032 is exploiting interest in AI video generators by planting malicious ads on social media platforms to steal credentials, credit card details, and other sensitive info, according to Mandiant.

The Google-owned threat hunters identified thousands of malicious ads on Facebook and about 10 on LinkedIn since November 2024. These ads directed viewers to more than 30 phony websites masquerading as legitimate AI video generator tools, including Luma AI, Canva Dream Lab, and Kling AI, falsely promising text- and image-to-video generation.