Search

bleepingcomputer.com › news › security

OpenAI confirms security breach in TanStack supply chain attack

…by using stolen GitHub and npm credentials to compromise maintainer accounts, inject malicious payloads into package tarballs, and publish new trojanized package versions to repositories. Microsoft Threat Intelligence also reported that it…

May 14, 2026 · Lawrence Abrams

bleepingcomputer.com › news › security

CISA flags two-year-old Oracle flaw as actively exploited in attacks

…this security flaw can be exploited remotely by threat actors with no privileges in low-complexity attacks targeting systems running Oracle WebLogic Server versions 12.2.1.4.0 and 14.1…

Jun 2, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight

…NMFTA Cybersecurity Conference Tackles Cyber-Enabled Cargo Crime Join your peers for the NMFTA 2026 Cybersecurity Conference to learn about real-world threat intelligence, research, and practical strategies focused on securing connected…

May 14, 2026

bleepingcomputer.com › news › security

Chinese hackers breach REDCap servers, steal medical research

…deploy the InfiniteRed malware and steal sensitive data from a medical institution in North America. Google Threat Intelligence Group (GTIG) researchers attribute the attacks to a threat actor tracked as UNC6508, who…

Jun 15, 2026 · Bill Toulas

Top stories

bleepingcomputer.com

Why AI-driven threats are exposing the limits of MSP security stacks

6d ago

bleepingcomputer.com

XBOW tests Anthropic's Mythos Preview for offensive security

1w ago

bleepingcomputer.com

Reducing security operations complexity with Wazuh Cloud

1w ago

bleepingcomputer.com

Hands on with Intelligent Terminal, an AI-powered Windows Terminal

1w ago

bleepingcomputer.com › news › security

Police seize “First VPN” service used in ransomware, data theft attacks

…VPN tools encrypt users’ traffic and hide their real IP addresses. While they are used legitimately to protect privacy on public WiFi, bypass censorship, reduce tracking, and enable secure remote work, threat…

May 21, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Path traversal flaw in AI dev platform Langflow exploited in attacks

…Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen. The Picus whitepaper shows how breach and…

Jun 10, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Over 400 Arch Linux packages compromised to push rootkit, infostealer

…Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen. The Picus whitepaper shows how breach and…

Jun 12, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Iranian hackers targeted major South Korean electronics maker

…Symantec’s Threat Hunter Team believes the attacker was intelligence-driven, focusing on industrial and intellectual property theft, government espionage, and access to downstream customers or corporate networks. Fortemedia and SentinelOne abuse…

May 13, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

…XLab threat intelligence researchers at Chinese cybersecurity company Qianxin, who confirmed impact on more than 700 domains, including university portals, AI/SaaS companies, media outlets, fintech firms, security sites, and personal blogs…

May 24, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Fake Claude AI website delivers new 'Beagle' Windows malware

…shellcode and a decoy PDF, and impersonating update sites from multiple security vendors (e.g., CrowdStrike, SentinelOne, and Trellix). Although Sophos was unable to confidently attribute the campaign to a threat actor…

May 7, 2026 · Bill Toulas