Search

bleepingcomputer.com › news › security

WordPress malware campaign hides payloads in Steam profiles

…platform, the attacker avoids maintaining a separate C2 infrastructure and evades traditional detection methods. Since the campaign was first uncovered in July 2025, GoDaddy security engineers have found malware on approximately 1…

Jun 1, 2026 · Bill Toulas

Top stories

bleepingcomputer.com

Path traversal flaw in AI dev platform Langflow exploited in attacks

6d ago

bleepingcomputer.com

Oxford University discloses data breach after careers platform hack

1w ago

bleepingcomputer.com

New Apple feature automatically changes your compromised passwords

1w ago

bleepingcomputer.com › news › security

New GhostLock tool abuses Windows API to block file access

…This technique, created by Kim Dvash of Israel Aerospace Industries, abuses the Windows ' CreateFileW ' API and file-sharing modes to prevent other users and applications from opening files while handles remain active…

May 11, 2026 · Lawrence Abrams

bleepingcomputer.com › news › security

OptinMonster WordPress plugin hacked in CDN supply-chain attack

…site, migrated it to a new server, and rotated all credentials, including the CDN API key,” Awesome Motive stated . The company also assured that its application servers, source code, and plugin hosting…

Jun 15, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Instructure reaches 'agreement' with ShinyHunters to stop data leak

…The company says over 30 million educators and students use its Canvas platform across more than 8,000 schools and universities worldwide. In a Tuesday statement, Instructure said the cybercrime gang also…

May 12, 2026 · Sergiu Gatlan