Critical vm2 sandbox bug lets attackers execute code on hosts
…The security issue is tracked as CVE-2026-26956 and has been confirmed to impact vm2 version 3.10.4, although earlier releases may also be vulnerable. Proof-of-concept (PoC) exploit…
Search
Microsoft Defender can now automatically isolate hacked endpoints
…Microsoft explained, they can also be released from containment at any time by security operators after completing the incident investigation and mitigating the risks. To release a device from automatic isolation, select…
Funnel Builder WordPress plugin bug exploited to steal credit cards
…E-commerce security company Sansec detected the malicious activity and noticed that the payload (analytics-reports[.]com/wss/jquery-lib.js) is disguised as a fake Google Tag Manager/Google Analytics script…
GitHub investigates internal repositories breach claimed by TeamPCP
…In March, the hacker group also compromised Aqua Security's Trivy vulnerability scanner , which is believed to have led to cascading compromises affecting Aqua Security Docker images and the Checkmarx KICS project…
Android 17 to expand banking scam call and privacy protections
Android 17 to expand banking scam call and privacy protections By Bill Toulas May 12, 2026 01:00 PM Android 17, expected to roll out next month, will introduce several security and…
Discord rolls out end-to-end encryption on voice, video calls
…No opt-in required.” - Discord DAVE was first introduced in September 2024 , developed with assistance and auditing from Trail of Bits, to secure audio and video calls, group chats, voice channels, and…
GitHub confirms breach of 3,800 repos via malicious VSCode extension
…The company has since removed the unnamed trojanized extension from the VS Code marketplace and has secured the compromised device. "Yesterday we detected and contained a compromise of an employee device involving…
SHub macOS infostealer variant spoofs Apple security updates
SHub macOS infostealer variant spoofs Apple security updates By Bill Toulas May 18, 2026 05:42 PM A new variant of the ‘SHub’ macOS infostealer uses AppleScript to show a fake security…
Avada Builder WordPress plugin flaws allow site credential theft
…The other security issue received the identifier CVE-2026-4798 and is an SQL injection that can be leveraged without authentication. However, exploitation is possible only if the WooCommerce e-commerce plugin…
New critical Exim mailer flaw allows remote code execution
…Identified as CVE-2026-45185 , the security issue impacts some Exim versions before 4.99.3 that use the default GNU Transport Layer Security (GnuTLS) library for secure communication. It is a…