Search

bleepingcomputer.com › news › security

18-year-old NGINX vulnerability allows DoS, potential RCE

…Beaumont stressed that the researchers’ exploit was built against a deliberately vulnerable setup and does not demonstrate reliable code execution against hardened real-world systems AlmaLinux echoed a similar assessment in their…

May 14, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

…outlets, fintech firms, security sites, and personal blogs. According to the researchers, threat actors planted malicious code on the websites of Harvard University, Oxford University, Auburn University, and DuckDuckGo.   CVE-2026-26980…

May 24, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Google fixes one actively exploited Android zero-day, 124 flaws

…Local attackers can exploit the actively abused high-severity Android Framework vulnerability (tracked as CVE-2025-48595) to gain code execution and escalate privileges on devices running Android 14 or later. "There…

Jun 2, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

CISA flags two-year-old Oracle flaw as actively exploited in attacks

…exploited in the wild. More recently, in March, Oracle released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability (CVE-2026-21992) in Identity Manager and…

Jun 2, 2026 · Sergiu Gatlan

Top stories

bleepingcomputer.com

Gogs patches critical zero-day enabling remote code execution

1d ago

bleepingcomputer.com

Cisco warns of critical Unified CM flaw with PoC exploit code

5d ago

bleepingcomputer.com

VS Code zero-day lets hackers steal GitHub tokens in one click

6d ago

bleepingcomputer.com

New Gogs zero-day flaw lets hackers get remote code execution

1w ago

bleepingcomputer.com › news › security

CISA orders feds to patch actively exploited Drupal vulnerability

…Successful exploitation can potentially lead to information disclosure, privilege escalation, and even remote code execution. The Drupal security team tagged the flaw as "highly critical" before releasing patches and confirming that exploitation…

May 26, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers

…Hackers now exploit SolarWinds Serv-U flaw to crash servers By Sergiu Gatlan June 5, 2026 03:15 PM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today that hackers…

Jun 5, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › artificial-intelligence

Anthropic’s restricted Claude Mythos model may be coming to Claude Code

…It looks like Anthropic may have developed a strong guardrail system, as Claude Code and Claude Security now have references to the Mythos model. In fact, some users briefly noticed the toggle…

May 25, 2026 · Mayank Parmar

bleepingcomputer.com › news › security

Race Against Time: Why Faster Vulnerability Alerts Matter

…readers a limited time 50% discount for 12 months using the code BLEEPING26. Try SecAlerts now. Sponsored and written by SecAlerts . Actively Exploited Cybersecurity SecAlerts Security Alert Vulnerability Previous Article Next Article

Jun 1, 2026

bleepingcomputer.com › news › security

Critical UniFi OS bug lets hackers gain root without authentication

…remote code with root privileges and without authentication. The security issues are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. They have been addressed in May and impact…

Jun 8, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Google accidentally exposed details of unfixed Chromium flaw

…The flaw was reported by security researcher Lyra Rebane and acknowledged as valid in December 2022, as per the thread on Chromium Issue Tracker. An attacker could exploit the problem to create…

May 21, 2026 · Bill Toulas