Critical vm2 sandbox bug lets attackers execute code on hosts
…The security issue is tracked as CVE-2026-26956 and has been confirmed to impact vm2 version 3.10.4, although earlier releases may also be vulnerable. Proof-of-concept (PoC) exploit…
Search
GPU mining malware spreads via SEO poisoning, AI chatbots
…The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger…
XBOW tests Anthropic's Mythos Preview for offensive security
…it needs precise prompts, explicit threat models, and validation infrastructure to turn strong reasoning into reliable security outcomes. One bit that slightly shocked us here was Mythos Preview’s performance on our…
Over 20,000 Instagram accounts stolen in Meta AI support hack
…As BleepingComputer reported one week ago, the threat actors exploited a flaw in the company's High Touch Support (HTS) tool , an AI-assisted support system that helps users regain access after…
New attack turned Microsoft 365 Copilot into 1-click data theft tool
…Ultimately, AI systems have created new pathways to exploit older bug classes in contexts where they previously would not have been nearly as impactful. Test every layer before attackers do Security teams…
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
…The exposed data was first discovered by security researcher Bob Diachenko, who says he found a server containing what appeared to be valid Fortinet VPN credentials, including usernames, email addresses, and plaintext…
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
…controls block threats, your detection rules fire, or your cloud configs hold. This guide covers the 6 surfaces you actually need to validate. Download Now Related Articles: Hackers exploit FortiClient EMS flaw…
Instructure reaches 'agreement' with ShinyHunters to stop data leak
…that data had been stolen in the cyberattack. Instructure confirmed to BleepingComputer that ShinyHunters exploited a security issue in the Free-for-Teacher environment, a free, limited version of Canvas LMS for…
Microsoft backpedals: Edge to stop loading passwords into memory
…Edge security feature to protect users against malicious extensions sideloaded into the web browser, and restricted access to Edge's Internet Explorer mode after hackers began leveraging zero-day exploits in the…
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
…33 AM The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. The competition took place at the OffensiveCon…