Search

bleepingcomputer.com › news › security

Drupal: Critical SQL injection flaw now targeted in attacks

…The flaw is exploitable without authentication and could result in remote code execution, privilege escalation, and information disclosure. In an update to the advisory on May 22, Drupal confirmed that exploitation attempts…

May 22, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Max-severity flaw in ChromaDB for AI apps allows server hijacking

…New Langflow flaw actively exploited to hijack AI workflows New critical Exim mailer flaw allows remote code execution AI Artificial Intelligence ChromaDB Python RCE Remote Code Execution Vulnerability Zero-Day Bill Toulas…

May 19, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

…Once an infection occurs, the malware writes itself into Claude Code hooks and VS Code auto-run tasks, so uninstalling the malicious packages does not remove it. The self-propagation mechanism remains…

May 12, 2026 · Bill Toulas

bleepingcomputer.com › news › microsoft

New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released

…on fully patched Windows systems.  The exploit was published by a researcher known as Chaotic Eclipse, or Nightmare Eclipse, who released both the source code and a compiled executable on GitHub after…

May 17, 2026 · Lawrence Abrams

Top stories

bleepingcomputer.com

Cisco warns of critical Unified CM flaw with PoC exploit code

2d ago

bleepingcomputer.com

VS Code zero-day lets hackers steal GitHub tokens in one click

3d ago

bleepingcomputer.com

New Gogs zero-day flaw lets hackers get remote code execution

1w ago

bleepingcomputer.com

KnowledgeDeliver flaw exploited as a zero-day to install web shells

1w ago

bleepingcomputer.com › news › software

Dell confirms its SupportAssist software causes Windows BSOD crashes

…to execute code within the BIOS of impacted devices. 99% of What Mythos Found Is Still Unpatched. AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes…

May 14, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

TeamPCP hackers advertise Mistral AI code repos for sale

…The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger…

May 14, 2026 · Ionut Ilascu

bleepingcomputer.com › news › security

Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook

…actor could approach the victim and sell the information elsewhere at the same time.  Exploit the vulnerability and detect what’s on the server. Remote code execution can become access sold to…

Jun 4, 2026

bleepingcomputer.com › news › security

Discord rolls out end-to-end encryption on voice, video calls

…No opt-in required.” - Discord DAVE was first introduced in September 2024 , developed with assistance and auditing from Trail of Bits, to secure audio and video calls, group chats, voice channels, and…

May 19, 2026 · Bill Toulas

bleepingcomputer.com › news › security

What 2026 DBIR Confirms: Attacks Are Living in the Browser

…exploited. What This Means for Security Teams. Shadow AI, credential theft, malicious extensions, and browser-native social engineering techniques like ClickFix share a common characteristic: they all execute inside the browser, and…

Jun 5, 2026

bleepingcomputer.com › news › security

Credit card theft campaign abuses Stripe to host stolen payment info

…The new malware family was discovered by researchers at ecommerce security company Sansec, who found that the malicious code is loaded from a Google Tag Manager (GTM) container and executes on every…

Jun 4, 2026 · Bill Toulas