Search

bleepingcomputer.com › news › security

Microsoft Self-Service Password Reset abused in Azure data theft attacks

…Targeting Microsoft 365 apps After hijacking the accounts, Storm-2949 used the Microsoft Graph API and custom Python scripts to enumerate users, roles, applications, and service principals, and to evaluate the long…

May 19, 2026 · Bill Toulas

Top stories

bleepingcomputer.com

Laravel Lang packages hijacked to deploy credential-stealing malware

4d ago

bleepingcomputer.com

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

1w ago

techcrunch.com

OpenAI says hackers stole some data after latest code security issue | TechCrunch

1w ago

techcrunch.com

A spyware investigator exposed Russian government hackers trying to hijack Signal accounts | TechCrunch

1w ago

android-developers.googleblog.com › 2026 › 05

A look ahead: Making it easier and faster to publish safer apps

…Manage business changes securely with the account transfers feature to help you move ownership to new partners, entities, or team members ( video ). We’ve designed this highly developer-requested feature with safeguards…

xda-developers.com › debian-tampered-binaries

Debian's next release just made it near-impossible for tampered binaries to sneak onto your PC

…Sign in to your XDA account Summary Debian 14 mandates reproducible builds for all new packages, raising supply-chain security. Reproducible packages produce identical hashes everywhere, exposing binary tampering. Debian will block…

May 11, 2026 · Simon Batt

theregister.com › security › 2026 › …

AI agents found vulns in this Linux and Unix print server

Security AI agents found vulns in this popular Linux and Unix print server CUPS server shown spilling out remote code execution and root access In the latest chapter on leaky CUPS, a…

Apr 6, 2026 · Jessica Lyons

Discussions and forums

r/netsec · u/technadu · 2d ago

Threat Intel: ShinyHunters Leaks 9.4GB Database of 7-Eleven Franchisee Systems Post-Extortion Refusal

Overview: On May 24, 2026, the data breach notification service Have I Been Pwned (HIBP) integrated a dataset originating from an April 2026 extortion campaign targeting 7-Eleven. The breach, attributed to the threat act…

r/Android · u/MishaalRahman · 2w ago

New features, emojis, & security improvements: Here’s everything new coming to Android!

Hi Reddit, We just wrapped up The Android Show | I/O Edition, and a core theme of the show was how we’re making your phone more helpful so that you can spend less time looking at it and more time living your life. To mak…

androidpolice.com

108 more Chrome extensions found to be injecting ads and harvesting data

…The development was highlighted by supply chain security firm Socket (via Toms Guide ), with the report laying out 108 malicious Chrome extensions with roughly 20,000 downloads among them. On the surface…

Apr 15, 2026 · Karandeep Singh Oberoi

bleepingcomputer.com › news › security

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

…security teams take the following action: check for affected package versions check for persistence on developer machines rotate all credentials (GitHub tokens, npm tokens, AWS credentials, Vault tokens, Kubernetes service accounts, and…

May 12, 2026 · Bill Toulas

wired.com › story

Hackable Robot Lawn Mower Unlocks a New Nightmare

…The Department of Homeland Security subpoenaed Google in an attempt to obtain the location data and account activity of a Canadian man who criticized US immigration enforcement tactics following the killings of…

May 9, 2026 · Maddy Varner

theregister.com › security › 2026 › …

Two different attackers poisoned popular open source tools

…On March 31, Axios, one of npm's most widely used HTTP client libraries, became a malware delivery vehicle for about three hours after attackers hijacked a maintainer's account and slipped…

Apr 11, 2026 · Jessica Lyons

wired.com › story

The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards

…In other words, the goal of the work is to create protections against agent hijacking or other rogue behavior, as well as transparency and accountability mechanism for recourse in the event of…

Apr 28, 2026 · Lily Hay Newman

techcrunch.com › 2026 › 05 › …

US defense contractor who sold hacking tools to Russian broker ordered to pay $10M to former employers | TechCrunch

…Last year, Williams was arrested and accused of stealing seven unspecified trade secrets — almost certainly cyber exploits, which is code that hijacks software vulnerabilities, and surveillance technology — from Trenchant and then selling…

May 8, 2026 · Lorenzo Franceschi-Bicchierai