Search

bleepingcomputer.com › news › security

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

…outlets, fintech firms, security sites, and personal blogs. According to the researchers, threat actors planted malicious code on the websites of Harvard University, Oxford University, Auburn University, and DuckDuckGo.   CVE-2026-26980…

May 24, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Google fixes one actively exploited Android zero-day, 124 flaws

…Local attackers can exploit the actively abused high-severity Android Framework vulnerability (tracked as CVE-2025-48595) to gain code execution and escalate privileges on devices running Android 14 or later. "There…

Jun 2, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

CISA flags two-year-old Oracle flaw as actively exploited in attacks

…exploited in the wild. More recently, in March, Oracle released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability (CVE-2026-21992) in Identity Manager and…

Jun 2, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

CISA orders feds to patch actively exploited Drupal vulnerability

…Successful exploitation can potentially lead to information disclosure, privilege escalation, and even remote code execution. The Drupal security team tagged the flaw as "highly critical" before releasing patches and confirming that exploitation…

May 26, 2026 · Sergiu Gatlan

Top stories

bleepingcomputer.com

Cisco warns of critical Unified CM flaw with PoC exploit code

2d ago

bleepingcomputer.com

VS Code zero-day lets hackers steal GitHub tokens in one click

3d ago

bleepingcomputer.com

New Gogs zero-day flaw lets hackers get remote code execution

1w ago

bleepingcomputer.com

KnowledgeDeliver flaw exploited as a zero-day to install web shells

1w ago

bleepingcomputer.com › news › security

CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers

…Hackers now exploit SolarWinds Serv-U flaw to crash servers By Sergiu Gatlan June 5, 2026 03:15 PM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today that hackers…

Jun 5, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › artificial-intelligence

Anthropic’s restricted Claude Mythos model may be coming to Claude Code

…It looks like Anthropic may have developed a strong guardrail system, as Claude Code and Claude Security now have references to the Mythos model. In fact, some users briefly noticed the toggle…

May 25, 2026 · Mayank Parmar

bleepingcomputer.com › news › security

Race Against Time: Why Faster Vulnerability Alerts Matter

…readers a limited time 50% discount for 12 months using the code BLEEPING26. Try SecAlerts now. Sponsored and written by SecAlerts . Actively Exploited Cybersecurity SecAlerts Security Alert Vulnerability Previous Article Next Article

Jun 1, 2026

bleepingcomputer.com › news › security

Google accidentally exposed details of unfixed Chromium flaw

…The flaw was reported by security researcher Lyra Rebane and acknowledged as valid in December 2022, as per the thread on Chromium Issue Tracker. An attacker could exploit the problem to create…

May 21, 2026 · Bill Toulas

bleepingcomputer.com › news › security

SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA

…code on vulnerable servers. "Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user to perform malicious configuration upload and code injection, resulting in arbitrary server-side code execution…

May 12, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026

…coding agents. On the third and final day of the contest, the competitors hacked Windows 11 and Red Hat Enterprise Linux for Workstations again, and used a memory corruption bug to exploit…

May 18, 2026 · Sergiu Gatlan