Search

bleepingcomputer.com › news › security

KnowledgeDeliver flaw exploited as a zero-day to install web shells

…to install a “security authentication plugin” and to load a malicious script from a domain under the attacker’s control. Over the past year, hackers have used improperly secured machine keys in…

May 26, 2026 · Ionut Ilascu

Top stories

bleepingcomputer.com

GitHub announces npm security changes to tackle supply-chain attacks

5d ago

bleepingcomputer.com

ServiceNow discloses security incident exposing customer data

6d ago

bleepingcomputer.com › news › security

Critical Kirki flaw exploited to hijack WordPress admin accounts

…Once an attacker gains admin-level access, they could install malicious plugins, modify website content, deploy web shells or persistent backdoors, and access private databases. The flaw was discovered by security researcher…

Jun 2, 2026 · Bill Toulas

bleepingcomputer.com › news › security

WP Maps Pro bug exploited to create admin accounts on WordPress sites

…The vulnerability, tracked as CVE-2026-8732, has a critical severity rating and impacts WP Maps Pro versions 6.1.0 and older. It was discovered and reported by security researcher David…

May 31, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Russian hackers turn Kazuar backdoor into modular P2P botnet

…Microsoft underlines Kazuar's versatility, which now supports 150 configuration options allowing operators to enable/disable specific security bypasses, perform task scheduling, time the data theft and size of exfiltration chunks, perform…

May 16, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Hackers bypass SonicWall VPN MFA due to incomplete patching

…During the intrusions, the hacker took between 30 and 60 minutes to log in, do network reconnaissance, test credential reuse on internal systems, and log out. SonicWall warned in a security advisory…

May 20, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Max severity Cisco Secure Workload flaw gives Site Admin privileges

…Cybersecurity and Infrastructure Security Agency (CISA)  added the CVE-2026-20182 flaw to its Known Exploited Vulnerabilities Catalog on May 14 and ordered federal agencies to secure affected devices within three days…

May 21, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Chinese hackers hijack auth flow, spy on isolated network for a decade

…This way, the hackers ensured their persistence despite password changes and session terminations, and reduced "the effectiveness of conventional containment measures." Complex cleanup Sygnia says even after discovering the compromise, remediating it…

Jun 13, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Critical Everest Forms Pro flaw exploited to take over WordPress sites

…The security issue affects versions 1.9.12 and earlier of the plugin and can be leveraged without authentication to execute arbitrary code on the server. Everest Forms Pro is a commercial…

Jun 6, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Instructure reaches 'agreement' with ShinyHunters to stop data leak

…Instructure added today that its leadership will share more information regarding the incident and the measures it has taken to secure its systems against future breach attempts in a May 13 webinar…

May 12, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Avada Builder WordPress plugin flaws allow site credential theft

…The two issues were discovered by security researcher Rafie Muhammad, who reported them through the Wordfence Bug Bounty Program and received $3,386 and $1,067, respectively, for the findings. Wordfence explains…

May 15, 2026 · Bill Toulas