Search

bleepingcomputer.com › news › security

Critical Kirki flaw exploited to hijack WordPress admin accounts

…their control, easily hijacking them. Once an attacker gains admin-level access, they could install malicious plugins, modify website content, deploy web shells or persistent backdoors, and access private databases. The flaw…

Jun 2, 2026 · Bill Toulas

Top stories

bleepingcomputer.com

Spain arrests doxer leaking sensitive data of govt employees

3d ago

bleepingcomputer.com

California AG sues 23andMe over 2023 breach exposing health data

6d ago

bleepingcomputer.com

Charter Communications data breach affects 4.9 million accounts

6d ago

bleepingcomputer.com

Charter confirms data breach after ShinyHunters extortion threat

1w ago

bleepingcomputer.com › news › security

Netherlands seizes 800 servers of hosting firm enabling cyberattacks

…Police seize “First VPN” service used in ransomware, data theft attacks INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers UK fines water supplier $1.3M for exposing data of 664k customers GM…

May 22, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Drupal: Critical SQL injection flaw now targeted in attacks

…SQL injection is a flaw in which attackers inject malicious SQL commands into database queries via user input fields or dialogs on websites, resulting in unauthorized access, modification, or deletion of database…

May 22, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation

…The ghost in this data isn’t the vulnerability count. It’s everything those vulnerabilities unlock when the identity controls aren’t there to stop them. For the 2026 landscape and beyond…

May 19, 2026

bleepingcomputer.com › news › security

GitHub confirms breach of 3,800 repos via malicious VSCode extension

…More recently, in January, two malicious extensions advertised as AI-based coding assistants with 1.5 million installs exfiltrated data from compromised developer systems to servers in China . GitHub's cloud-based…

May 20, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Fake Claude AI website delivers new 'Beagle' Windows malware

…According to the researchers, NOVupdate.exe  is a signed updater for G Data security solutions that the hacker uses to sideload the malicious  avk.dll  and the encrypted  NOVupdate.exe.dat file…

May 7, 2026 · Bill Toulas

bleepingcomputer.com › news › security

US charges Google security engineer with Polymarket insider trading

…your controls block threats, your detection rules fire, or your cloud configs hold. This guide covers the 6 surfaces you actually need to validate. Download Now Related Articles: Charter Communications data breach…

May 29, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Foxconn confirms cyberattack claimed by Nitrogen ransomware gang

…The incident was confirmed by a Foxconn spokesperson when BleepingComputer asked the company to confirm claims by the Nitrogen ransomware operation earlier this week that they had stolen 8 TB of data…

May 13, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA

…controls block threats, your detection rules fire, or your cloud configs hold. This guide covers the 6 surfaces you actually need to validate. Download Now Related Articles: Škoda warns of customer data…

May 12, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

…Doing so authorizes the attacker to register a rogue device with the victim’s Microsoft 365 account, giving them unrestricted access to the victim's data and services, including email, calendar, and…

May 17, 2026 · Bill Toulas