Search

bleepingcomputer.com › news › security

SHub macOS infostealer variant spoofs Apple security updates

SHub macOS infostealer variant spoofs Apple security updates By Bill Toulas May 18, 2026 05:42 PM A new variant of the ‘SHub’ macOS infostealer uses AppleScript to show a fake security…

May 18, 2026 · Bill Toulas

Top stories

bleepingcomputer.com

Why AI-driven threats are exposing the limits of MSP security stacks

1w ago

bleepingcomputer.com

GitHub announces npm security changes to tackle supply-chain attacks

1w ago

bleepingcomputer.com

ServiceNow discloses security incident exposing customer data

1w ago

bleepingcomputer.com

Reducing security operations complexity with Wazuh Cloud

1w ago

bleepingcomputer.com › news › security

GitHub confirms breach of 3,800 repos via malicious VSCode extension

…The company has since removed the unnamed trojanized extension from the VS Code marketplace and has secured the compromised device. "Yesterday we detected and contained a compromise of an employee device involving…

May 20, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Credit card theft campaign abuses Stripe to host stolen payment info

…The new malware family was discovered by researchers at ecommerce security company Sansec, who found that the malicious code is loaded from a Google Tag Manager (GTM) container and executes on every…

Jun 4, 2026 · Bill Toulas

bleepingcomputer.com › news › security

SimpleHelp bug lets hackers create rogue remote support accounts

…Researchers at offensive security company Horizon3.ai explain that the issue is caused by how identity assertions received from an OIDC identity provider (IdP) are validated. When OIDC authentication is enabled, an…

Jun 15, 2026 · Bill Toulas

bleepingcomputer.com › news › security

New IronWorm malware hits 36 packages in npm supply-chain attack

…Application security company Ox Security says that the IronWorm attack was detected very early and stopped before it spread to more popular packages on npm. The company provides a list of all…

Jun 4, 2026 · Bill Toulas

bleepingcomputer.com › news › security

WP Maps Pro bug exploited to create admin accounts on WordPress sites

…It was discovered and reported by security researcher David Brown. WP Maps Pro is a premium WordPress plugin for building interactive, customizable maps and store locators. It supports multiple map providers, such…

May 31, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Critical Everest Forms Pro flaw exploited to take over WordPress sites

…The security issue affects versions 1.9.12 and earlier of the plugin and can be leveraged without authentication to execute arbitrary code on the server. Everest Forms Pro is a commercial…

Jun 6, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

…Earlier this month, Abnormal Security confirmed that Tycoon2FA had rebounded to normal operations and even added new obfuscation layers to strengthen its resilience against new disruption attempts. In late April, Tycoon2FA was…

May 17, 2026 · Bill Toulas

bleepingcomputer.com › news › security

New critical Exim mailer flaw allows remote code execution

…Identified as CVE-2026-45185 , the security issue impacts some Exim versions before 4.99.3 that use the default GNU Transport Layer Security (GnuTLS) library for secure communication. It is a…

May 13, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Avada Builder WordPress plugin flaws allow site credential theft

…The other security issue received the identifier CVE-2026-4798 and is an SQL injection that can be leveraged without authentication. However, exploitation is possible only if the WooCommerce e-commerce plugin…

May 15, 2026 · Bill Toulas