Search

bleepingcomputer.com › news › security

OpenAI confirms security breach in TanStack supply chain attack

…Security researchers say the malware also established persistence on developer systems by modifying Claude Code hooks and VS Code auto-run tasks, enabling it to survive package removal. The malware spread to…

May 14, 2026 · Lawrence Abrams

bleepingcomputer.com › news › security

SHub macOS infostealer variant spoofs Apple security updates

…SentinelOne warns that the malware establishes persistence by installing a script impersonating the Google software update and registers it using LaunchAgent. The script is executed every minute and acts as a beacon…

May 18, 2026 · Bill Toulas

bleepingcomputer.com › news › security

WP Maps Pro bug exploited to create admin accounts on WordPress sites

…The vulnerability, tracked as CVE-2026-8732, has a critical severity rating and impacts WP Maps Pro versions 6.1.0 and older. It was discovered and reported by security researcher David…

May 31, 2026 · Bill Toulas

bleepingcomputer.com › news › security

How SIEM helps MSPs reduce noise and stop threats faster

How SIEM helps MSPs reduce noise and stop threats faster Sponsored by Kaseya May 28, 2026 10:01 AM MSPs are flooded with security alerts every day, yet many still struggle to…

May 28, 2026

bleepingcomputer.com › news › security

Popular node-ipc npm package compromised to steal credentials

…The recent supply-chain attack was detected by multiple application security companies, including Socket , Ox Security , and Upwind , who confirmed the following three versions as malicious: node-ipc@9.1.6 node…

May 15, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Google accidentally exposed details of unfixed Chromium flaw

…The flaw was reported by security researcher Lyra Rebane and acknowledged as valid in December 2022, as per the thread on Chromium Issue Tracker. An attacker could exploit the problem to create…

May 21, 2026 · Bill Toulas

bleepingcomputer.com › news › security

DAEMON Tools devs confirm breach, release malware-free version

…Our current analysis indicates that DAEMON Tools Pro and DAEMON Tools Ultra were not affected and absolutely safe." In a separate statement published earlier today, Disc Soft also said it has secured…

May 6, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Leaked Shai-Hulud malware fuels new npm infostealer campaign

…chalk-tempalte – Shai-Hulud clone (information stealer) @deadcode09284814/axios-util – Credential and cloud config stealer axois-utils – Infostealer + persistent DDoS botnet (“phantom bot”) color-style-utils – Basic infostealer targeting crypto wallets and…

May 18, 2026 · Bill Toulas

bleepingcomputer.com › news › security

New TCLBanker malware self-spreads over WhatsApp and Outlook

…Additionally, the malware includes self-spreading worm modules for WhatsApp and Outlook that automatically infect new victims. The new banking trojan was discovered by Elastic Security Labs , whose researchers believe it’s…

May 7, 2026 · Bill Toulas

bleepingcomputer.com › news › security

The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls

…Shadow Accounts and Instances: Even within approved domains and applications, risk and visibility gaps persist. A user may upload PHI records to an AI prompt using a personal account,  store sensitive files…

May 7, 2026