Search

bleepingcomputer.com › news › security

Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks

…This file could later be used to elevate to root." Cisco said its Product Security Incident Response Team (PSIRT) became aware of the exploitation of CVE-2026-20262 earlier this month and…

Jun 15, 2026 · Sergiu Gatlan

Top stories

bleepingcomputer.com

Why AI-driven threats are exposing the limits of MSP security stacks

1w ago

bleepingcomputer.com

GitHub announces npm security changes to tackle supply-chain attacks

1w ago

bleepingcomputer.com

ServiceNow discloses security incident exposing customer data

1w ago

bleepingcomputer.com

Reducing security operations complexity with Wazuh Cloud

1w ago

bleepingcomputer.com › news › security

Charter Communications data breach affects 4.9 million accounts

…The company confirmed the breach earlier this week, saying that the attackers did not steal sensitive personal customer information and that it had alerted authorities about the incident. "No sensitive personal information…

May 29, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

phpBB forum fixes auth bypass bug lurking for a decade

…Researchers at application security company Aikido found the bug on June 2nd and reported it through the developer's HackerOne Vulnerability Disclosure Program. phpBB responded to the report immediately and addressed the…

Jun 12, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Google patches new Chrome zero-day flaw exploited in the wild

…While Google says the security update could take days or weeks to reach all Chrome users, the update was available immediately when BleepingComputer checked for updates earlier today. Users who prefer not…

Jun 9, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › microsoft

Microsoft Defender can now automatically isolate hacked endpoints

…Microsoft explained, they can also be released from containment at any time by security operators after completing the incident investigation and mitigating the risks. To release a device from automatic isolation, select…

May 26, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

WhatsApp says it disrupted new NSO spyware phishing attacks

…courts, securing a permanent injunction against it in 2025, a declaration of liability for 1,400 infections, and an associated $167,000,000 fine . According to Meta’s latest announcement, these prior…

Jun 8, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Funnel Builder WordPress plugin bug exploited to steal credit cards

…E-commerce security company Sansec detected the malicious activity and noticed that the payload (analytics-reports[.]com/wss/jquery-lib.js) is disguised as a fake Google Tag Manager/Google Analytics script…

May 15, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Ransomware gang abuses Microsoft Teams relays to hide malicious traffic

…At this stage, the attacker strengthened their persistence, created rogue users, abused the LimitBlankPassword security policy in Windows for easy access, and modified firewall rules. Next, they used BYOVD techniques with multiple…

Jun 16, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Critical Kirki flaw exploited to hijack WordPress admin accounts

…The attacks were detected by WordPress security firm Defiant, whose Wordfence firewall blocked over 222 attempts against its customers in the past 24 hours. The full name of the plugin is Kirki…

Jun 2, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Steam Workshop abused to spread malware via Wallpaper Engine app

…Kaspersky warns that the feature represents a built-in security risk and has been abused to deliver malware to Steam users. According to the researchers, attackers took advantage of this security gap…

Jun 16, 2026 · Bill Toulas