Search

bleepingcomputer.com › news › security

New critical Exim mailer flaw allows remote code execution

…Exim frees a TLS transfer buffer but later continues using stale callback references that can write data into the freed memory region, which can lead to unauthenticated remote code execution (RCE). Exim…

May 13, 2026 · Bill Toulas

Top stories

bleepingcomputer.com

Spain arrests doxer leaking sensitive data of govt employees

3d ago

bleepingcomputer.com

California AG sues 23andMe over 2023 breach exposing health data

6d ago

bleepingcomputer.com

Charter Communications data breach affects 4.9 million accounts

6d ago

bleepingcomputer.com

Charter confirms data breach after ShinyHunters extortion threat

1w ago

bleepingcomputer.com › news › security

KnowledgeDeliver flaw exploited as a zero-day to install web shells

…This configuration file contained hardcoded machineKey values used by the ASP.NET framework to encrypt and sign data, including ViewState payloads,” Mandiant explains. According to the researchers, the malicious code on the…

May 26, 2026 · Ionut Ilascu

bleepingcomputer.com › news › security

New PCPJack worm steals credentials, cleans TeamPCP infections

…PCPJack’s capabilities revolve mainly around credential theft, targeting cloud environments, developer systems, messenger apps, financial services, databases, SSH keys, Slack tokens, WordPress configs, OpenAI keys, Anthropic keys, Discord, DigitalOcean, and more…

May 7, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Police dismantles 9 crime groups in illegal streaming crackdown

…can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold. This guide covers the 6…

Jun 3, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

WP Maps Pro bug exploited to create admin accounts on WordPress sites

…can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold. This guide covers the 6…

May 31, 2026 · Bill Toulas

bleepingcomputer.com › news › security

CISA orders feds to patch actively exploited Drupal vulnerability

…Drupal is typically used by large organizations managing massive data structures and multi-site installations, including government entities, educational organizations, major research universities, and high-profile enterprise and media organizations. Google/Mandiant…

May 26, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

CISA flags two-year-old Oracle flaw as actively exploited in attacks

…can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold. This guide covers the 6…

Jun 2, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › microsoft

Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days

…An attacker-controlled DNS server could send a specially crafted DNS response to a vulnerable Windows system, causing the DNS Client to incorrectly process the response and corrupt memory. This would allow…

May 12, 2026 · Lawrence Abrams

bleepingcomputer.com › news › microsoft

Microsoft Defender can now automatically isolate hacked endpoints

…can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold. This guide covers the 6…

May 26, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › microsoft

Microsoft releases Windows 10 KB5087544 extended security update

…device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Devices receive the new certificates only after demonstrating sufficient successful update signals, maintaining a controlled and phased…

May 12, 2026 · Lawrence Abrams