Search

bleepingcomputer.com › news › security

Red Hat npm packages compromised to steal developer credentials

…attack ships signed malicious TanStack, Mistral npm packages TeamPCP hackers advertise Mistral AI code repos for sale OpenAI confirms security breach in TanStack supply chain attack Credential Theft Infostealer Miasma npm Red…

Jun 1, 2026 · Lawrence Abrams

Top stories

bleepingcomputer.com

French govt messaging service breached in account hijacking attack

2d ago

bleepingcomputer.com

Over 20,000 Instagram accounts stolen in Meta AI support hack

3d ago

bleepingcomputer.com

Instagram users locked out after Meta AI abused to steal accounts

1w ago

bleepingcomputer.com

Why the browser is now the front line for AI security

1w ago

bleepingcomputer.com › news › security

New Gogs zero-day flaw lets hackers get remote code execution

…This critical severity argument injection security flaw has yet to be assigned a CVE ID, affects the latest release versions (Gogs 0.14.2 and 0.15.0+dev), and can only…

May 28, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Leaked Shai-Hulud malware fuels new npm infostealer campaign

…Shai Hulud attack ships signed malicious TanStack, Mistral npm packages Popular node-ipc npm package compromised to steal credentials TeamPCP hackers advertise Mistral AI code repos for sale OpenAI confirms security breach…

May 18, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Fake Claude AI website delivers new 'Beagle' Windows malware

…Paid AI Accounts Are Now a Hot Underground Commodity Fake OpenAI repository on Hugging Face pushes infostealer malware New stealthy Quasar Linux malware targets software developers Threat actor uses Microsoft Teams to…

May 7, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Identity Alone Isn't Enough: Why Device Security Has to Share the Load

…verify the employee, secure the access. But as professionalized threat actors weaponize AI and sophisticated phishing kits, that wall is cracking. Identity is being forced to carry a structural burden it was…

May 20, 2026

bleepingcomputer.com › news › security

GitHub disables Microsoft repos pushing password-stealing malware

…In a report this week, software supply chain management company Cloudsmith concluded  that Microsoft's Azure environment on GitHub and the 'durabletask' repository were compromised via Miasma, which targeted AI coding tools…

Jun 9, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Ivanti warns of new EPMM flaw exploited in zero-day attacks

…Cybersecurity and Infrastructure Security Agency (CISA) gave U.S. government agencies 4 days to secure their systems against CVE-2026-1340 attacks. Multiple other Ivanti EPMM zero-days have been exploited in…

May 7, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Android 17 to expand banking scam call and privacy protections

Android 17 to expand banking scam call and privacy protections By Bill Toulas May 12, 2026 01:00 PM Android 17, expected to roll out next month, will introduce several security and…

May 12, 2026 · Bill Toulas

bleepingcomputer.com › news › security

The ‘Miasma’ worm source code briefly leaked on GitHub

…Researchers at SafeDep reported yesterday that the Miasma source code was leaked on GitHub via numerous compromised developer accounts. In each of those accounts, the threat actors leaked the source code in…

Jun 10, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Hackers bypass SonicWall VPN MFA due to incomplete patching

…SonicWall warned in a security advisory for CVE-2024-12802 that installing the firmware update alone on Gen6 devices does not fully mitigate the vulnerability, and a manual reconfiguration of the LDAP…

May 20, 2026 · Bill Toulas