Critical vm2 sandbox bug lets attackers execute code on hosts
…The security issue is tracked as CVE-2026-26956 and has been confirmed to impact vm2 version 3.10.4, although earlier releases may also be vulnerable. Proof-of-concept (PoC) exploit…
Max-severity flaw in ChromaDB for AI apps allows server hijacking By Bill Toulas May 19, 2026 06:25 PM A max-severity vulnerability in the latest Python FastAPI version of the…
…vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. Identified as CVE-2026-45185, the security issue…
…The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger…
…SonicWall warned in a security advisory for CVE-2024-12802 that installing the firmware update alone on Gen6 devices does not fully mitigate the vulnerability, and a manual reconfiguration of the LDAP…
…and agents for vulnerabilities such as prompt injection and jailbreaks. In addition, Varonis Atlas can stress-test assistants and agents for vulnerabilities such as prompt injection and jailbreaks. Secure AI and the…
…Sponsored and written by Picus Security.
…security watchdog group The Shadowserver Foundation reported at the time that it was seeing 2,000 internet-exposed EMS instances. Earlier this month, cybersecurity company Arctic Wolf observed attacks leveraging the vulnerability…
…authorities and has fixed the security flaw exploited in the attack. "As part of our technical security monitoring, we discovered that unauthorized individuals had exploited a vulnerability in the standard software used…
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign By Bill Toulas May 24, 2026 10:12 AM A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE…