SHub macOS infostealer variant spoofs Apple security updates
SHub macOS infostealer variant spoofs Apple security updates By Bill Toulas May 18, 2026 05:42 PM A new variant of the ‘SHub’ macOS infostealer uses AppleScript to show a fake security…
Search
WP Maps Pro bug exploited to create admin accounts on WordPress sites
…It was discovered and reported by security researcher David Brown. WP Maps Pro is a premium WordPress plugin for building interactive, customizable maps and store locators. It supports multiple map providers, such…
Avada Builder WordPress plugin flaws allow site credential theft
…The other security issue received the identifier CVE-2026-4798 and is an SQL injection that can be leveraged without authentication. However, exploitation is possible only if the WooCommerce e-commerce plugin…
New critical Exim mailer flaw allows remote code execution
…Identified as CVE-2026-45185 , the security issue impacts some Exim versions before 4.99.3 that use the default GNU Transport Layer Security (GnuTLS) library for secure communication. It is a…
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
…Earlier this month, Abnormal Security confirmed that Tycoon2FA had rebounded to normal operations and even added new obfuscation layers to strengthen its resilience against new disruption attempts. In late April, Tycoon2FA was…
Max-severity flaw in ChromaDB for AI apps allows server hijacking
…The authentication check is only performed after that step, bypassing security. “The authentication is not missing, [it’s] just in the wrong place,” explains HiddenLayer . “By the time it fires, the model…
7-Eleven confirms data breach claimed by the ShinyHunters gang
…We also wanted to apologize for any inconvenience this may cause you." However, while 7-Eleven didn't share further information on the incident or the number of people affected by the…
Charter confirms data breach after ShinyHunters extortion threat
…it is alerting authorities about the incident and that no sensitive personal customer information was stolen. "We are aware of the situation, following our security protocols and are in the process of…
Popular node-ipc npm package compromised to steal credentials
…The recent supply-chain attack was detected by multiple application security companies, including Socket , Ox Security , and Upwind , who confirmed the following three versions as malicious: node-ipc@9.1.6 node…
Hackers exploit FortiClient EMS flaw to push infostealer malware
…CISA reacted quickly to the malicious activity and ordered federal agencies to secure their instances by the end of that week, while the internet security watchdog group The Shadowserver Foundation reported at…