Search

bleepingcomputer.com › news › security

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

…Once an infection occurs, the malware writes itself into Claude Code hooks and VS Code auto-run tasks, so uninstalling the malicious packages does not remove it. The self-propagation mechanism remains…

May 12, 2026 · Bill Toulas

Top stories

bleepingcomputer.com

Cisco warns of critical Unified CM flaw with PoC exploit code

1d ago

bleepingcomputer.com

VS Code zero-day lets hackers steal GitHub tokens in one click

2d ago

bleepingcomputer.com

New Gogs zero-day flaw lets hackers get remote code execution

1w ago

bleepingcomputer.com

KnowledgeDeliver flaw exploited as a zero-day to install web shells

1w ago

bleepingcomputer.com › news › microsoft

New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released

…on fully patched Windows systems.  The exploit was published by a researcher known as Chaotic Eclipse, or Nightmare Eclipse, who released both the source code and a compiled executable on GitHub after…

May 17, 2026 · Lawrence Abrams

bleepingcomputer.com › news › software

Dell confirms its SupportAssist software causes Windows BSOD crashes

…Security researchers have also found major security vulnerabilities in the BIOSConnect feature of Dell SupportAssist that would allow remote attackers to execute code within the BIOS of impacted devices. 99% of What…

May 14, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

TeamPCP hackers advertise Mistral AI code repos for sale

…The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger…

May 14, 2026 · Ionut Ilascu

bleepingcomputer.com › news › security

Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook

…sold, or exploited. Three aspects stand out in the threat actor’s tutorial: The usage of the Nuclei framework by projectdiscovery.io, which is highly popular among offensive security practitioners.  The understanding…

Jun 4, 2026

bleepingcomputer.com › news › security

Discord rolls out end-to-end encryption on voice, video calls

…Extensive at-scale testing has given Discord the confidence to formally announce the E2EE deployment now, and to start removing client code that supports unencrypted fallback. Discord is a popular online platform…

May 19, 2026 · Bill Toulas

bleepingcomputer.com › news › security

What 2026 DBIR Confirms: Attacks Are Living in the Browser

…If your security stack lacks visibility into what's happening inside browser sessions, that gap is worth understanding before attackers exploit it. Request a demo of Keep Aware to see what your…

Jun 5, 2026

bleepingcomputer.com › news › security

Credit card theft campaign abuses Stripe to host stolen payment info

…The new malware family was discovered by researchers at ecommerce security company Sansec, who found that the malicious code is loaded from a Google Tag Manager (GTM) container and executes on every…

Jun 4, 2026 · Bill Toulas

bleepingcomputer.com › news › security

GPU mining malware spreads via SEO poisoning, AI chatbots

…The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger…

May 27, 2026 · Ionut Ilascu

bleepingcomputer.com › news › security

WordPress malware campaign hides payloads in Steam profiles

…and POST requests containing the malware's authentication cookies or the new_code parameter. The researchers recommend that security teams prioritize restoring from a known good backup before the infection date. If…

Jun 1, 2026 · Bill Toulas