Search

bleepingcomputer.com › news › security

Avada Builder WordPress plugin flaws allow site credential theft

…Impacted website owners/admins are advised to update to Avada Builder version 3.15.3 as soon as possible. The Validation Gap: Automated Pentesting Answers One Question. You Need Six. Automated pentesting…

May 15, 2026 · Bill Toulas

Top stories

bleepingcomputer.com

Microsoft blames unexpected Windows driver updates on caching issue

3d ago

bleepingcomputer.com

Microsoft fixes KB5089549 Windows security update install issues

6d ago

bleepingcomputer.com

WP Maps Pro bug exploited to create admin accounts on WordPress sites

1w ago

bleepingcomputer.com › news › security

Hackers exploit FortiClient EMS flaw to push infostealer malware

…fortinet-ca2 … successfully updated As such, the researchers recommend defenders look for certificate-authentication anomalies and unexpected changes to Remote Access Profile configurations. Any suspicious administrative activity, such as new accounts, logins…

May 28, 2026 · Bill Toulas

bleepingcomputer.com › news › microsoft

Windows 11 KB5089549 & KB5087420 cumulative updates released

…New!  This update adds a new icon to show where a printer supports  Windows Protected Print Mode  in print settings. [Enhanced security and performance for batch files]   New!    Administrators and Application Control…

May 12, 2026 · Mayank Parmar

bleepingcomputer.com › news › security

Drupal: Critical SQL injection flaw now targeted in attacks

…owners and administrators are recommended to upgrade immediately to the latest version available for their branch. Those not using PostgreSQL are still advised to update, as the latest security updates also include…

May 22, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Ubiquiti patches three max severity UniFi OS vulnerabilities

…Max severity Ubiquiti UniFi flaw may allow account takeover Max severity Cisco Secure Workload flaw gives Site Admin privileges Hackers bypass SonicWall VPN MFA due to incomplete patching Drupal critical update to…

May 22, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › microsoft

Microsoft shares mitigation for YellowKey Windows zero-day

…escalation security issue that attackers can abuse to obtain a SYSTEM shell, and UnDefend , another zero-day that attackers with standard user permissions can exploit to block Microsoft Defender definition updates. While…

May 20, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Australia warns of ClickFix attacks pushing Vidar Stealer malware

…WordPress site administrators are also advised to apply available security updates for themes and add-ons, and to remove any unused themes/plugins from their platforms. ACSC's security bulletin provides indicators…

May 7, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Palo Alto Networks firewall zero-day exploited for nearly a month

…Until security updates are available, the company "strongly" advised customers to secure access to the PAN-OS User-ID Authentication Portal by restricting access to trusted zones only, or by disabling the…

May 7, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

OpenAI confirms security breach in TanStack supply chain attack

OpenAI confirms security breach in TanStack supply chain attack By Lawrence Abrams May 14, 2026 03:07 PM OpenAI says two employees' devices were breached in the recent TanStack supply chain attack…

May 14, 2026 · Lawrence Abrams

bleepingcomputer.com › news › security

New Gogs zero-day flaw lets hackers get remote code execution

…The researcher reported the security flaw to the Gogs maintainers on March 17, but they have yet to provide a patch or respond to further requests for a status update, despite acknowledging…

May 28, 2026 · Sergiu Gatlan