Search

bleepingcomputer.com › news › security

Drupal: Critical SQL injection flaw now targeted in attacks

…The content management system (CMS) project published a PSA on May 18, urging administrators to reserve time for core updates that addressed an issue that threat actors might start exploiting "within hours…

May 22, 2026 · Bill Toulas

bleepingcomputer.com › news › security

How Varonis Atlas integrates Claude Compliance API for AI governance

…activity.   AI Observability:  Visibility into audit and admin events from Claude Platform stored for investigation.   Real-Time Alerts:  Surface risky behavior tied to policy violations and session activity as it happens.  Proactive…

May 26, 2026

bleepingcomputer.com › news › security

BTMOB Android malware service generates custom phishing payloads

…The APK builder included in the offer provides easy customization of the payload without any need to code. Customers can select from a set of permissions the APK requests upon installation, and…

May 28, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Instagram users locked out after Meta AI abused to steal accounts

…User André says that "Meta’s AI just accepts it because it can’t tell the difference between a real selfie and an AI-generated video of someone’s face." They also…

Jun 2, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Google fixes one actively exploited Android zero-day, 124 flaws

…Local attackers can exploit the actively abused high-severity Android Framework vulnerability (tracked as CVE-2025-48595) to gain code execution and escalate privileges on devices running Android 14 or later. "There…

Jun 2, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

GreyVibe hackers use ChatGPT, Gemini to power cyberattacks

…The link to a Russian-speaking threat actor is supported by the language for the malware panels, comments in code artifacts, and command-and-control (C2) server time configured to UTC+3…

May 28, 2026 · Bill Toulas

bleepingcomputer.com › news › security

CISA orders feds to patch actively exploited Drupal vulnerability

…Successful exploitation can potentially lead to information disclosure, privilege escalation, and even remote code execution. The Drupal security team tagged the flaw as "highly critical" before releasing patches and confirming that exploitation…

May 26, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Avada Builder WordPress plugin flaws allow site credential theft

…Avada Builder is a drag-and-drop webpage builder plugin for the Avada WordPress theme that lets you create and customize website layouts, content sections, and design elements without writing code. The…

May 15, 2026 · Bill Toulas

bleepingcomputer.com › news › security

UK fines water supplier $1.3M for exposing data of 664k customers

…At the time, the company dismissed claims from the Cl0p ransomware gang, which claimed the attack (after initially misidentifying their victim), but the leaked data samples appeared genuine. The ICO’s investigation…

May 12, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook

…victim and sell the information elsewhere at the same time.  Exploit the vulnerability and detect what’s on the server. Remote code execution can become access sold to botnet operators, used for…

Jun 4, 2026