Search

bleepingcomputer.com › news › security

Official CheckMarx Jenkins package compromised with infostealer

…The threat actor maintained access for at least a month and then published a malicious version of the company's KICS analysis tool on Docker, Open VSX, and VSCode, which harvested data…

May 11, 2026 · Bill Toulas

Top stories

bleepingcomputer.com

Spain arrests doxer leaking sensitive data of govt employees

3d ago

bleepingcomputer.com

California AG sues 23andMe over 2023 breach exposing health data

6d ago

bleepingcomputer.com

Charter Communications data breach affects 4.9 million accounts

6d ago

bleepingcomputer.com

Charter confirms data breach after ShinyHunters extortion threat

1w ago

bleepingcomputer.com › news › security

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

…can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold. This guide covers the 6…

May 24, 2026 · Bill Toulas

bleepingcomputer.com › news › security

New Shai-Hulud malware wave compromises 600 npm packages

…The threat actor also used GitHub as a fallback exfiltration mechanism and published stolen data in repositories under victims' accounts, when tokens used for publishing were found. According to application security company…

May 19, 2026 · Bill Toulas

bleepingcomputer.com › news › security

5 Steps to Managing Shadow AI Tools Without Slowing Down Employees

…A browser-based AI tool that connects to company data through a quick login approval bypasses those controls entirely, because it never passes through the corporate network at all. According to Adaptive…

May 18, 2026

bleepingcomputer.com › news › security

18-year-old NGINX vulnerability allows DoS, potential RCE

…one to calculate the amount of memory to allocate, and one to copy the actual data. An ‘is_args’ flag remains set after a rewrite containing ‘?’, causing NGINX to calculate buffer size…

May 14, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Dutch govt disrupts malware botnet with 17 million infected devices

…According to the authorities, the seized servers controlled "computers, tablets, and smartphones to carry out cyberattacks." Botnets are networks of compromised devices used for illegal activities such as distributed denial-of-service…

May 29, 2026 · Bill Toulas

bleepingcomputer.com › news › security

New GhostLock tool abuses Windows API to block file access

…The parallel to ransomware is the operational downtime window, not data loss," Dvash told BleepingComputer. While this attack is more akin to a denial-of-service technique, it could be useful as…

May 11, 2026 · Lawrence Abrams

bleepingcomputer.com › news › security

Funnel Builder WordPress plugin bug exploited to steal credit cards

…According to Sansec, the attacker-controlled server delivers a customized payment card skimmer that steals the following information: Credit card numbers CVVs Billing addresses Other customer information Payment card skimmers enable threat…

May 15, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Signal adds security warnings for social engineering, phishing attacks

…This allows threat actors to link their device to the target account and obtain access to all the data. “To help protect Signal users from phishing and social engineering attacks, we’ve…

May 12, 2026 · Bill Toulas

bleepingcomputer.com › news › security

AI-built ransomware toolkit automates EDR evasion, AD discovery

…Cobalt Strike profiles designed to make beacon traffic resemble legitimate web requests A Telegram bot API–based external command and control (C2) mechanism that routed communication through Telegram’s infrastructure rather than…

Jun 2, 2026 · Bill Toulas