Search

bleepingcomputer.com › news › security

CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers

…While BOD 22-01 applies only to U.S. government agencies, the cybersecurity agency also urged all network defenders, including the private sector, to secure their networks against ongoing CVE-2026-28318…

Jun 5, 2026 · Sergiu Gatlan

Top stories

bleepingcomputer.com

Microsoft blames unexpected Windows driver updates on caching issue

3d ago

bleepingcomputer.com

Microsoft's Coreutils project brings Linux commands to Windows

5d ago

bleepingcomputer.com

Microsoft Exchange Online outage causes email delays, failures

5d ago

bleepingcomputer.com

Microsoft: Domain Controller lookup may fail on Windows Server 2016

1w ago

bleepingcomputer.com › news › security

Trend Micro warns of Apex One zero-day exploited in the wild

…cyber actors and pose significant risks to the federal enterprise," CISA warned. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product…

May 22, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

OpenAI confirms security breach in TanStack supply chain attack

…This rotation will require macOS users to update their OpenAI desktop applications before June 12, 2026, as applications signed with the older certificates may not launch or receive updates due to Apple…

May 14, 2026 · Lawrence Abrams

bleepingcomputer.com › news › security

Ubiquiti patches three max severity UniFi OS vulnerabilities

…UniFi OS is a unified operating system that powers UniFi Consoles and helps manage IT infrastructure, including networking, security, and other services, as well as UniFi applications such as UniFi Network, UniFi…

May 22, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Popular node-ipc npm package compromised to steal credentials

…The recent supply-chain attack was detected by multiple application security companies, including Socket , Ox Security , and Upwind , who confirmed the following three versions as malicious: node-ipc@9.1.6 node…

May 15, 2026 · Bill Toulas

bleepingcomputer.com › news › security

The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls

…Why DLP is Failing, Browser Work is Hidden Enterprise workflows have shifted from software on the endpoint to browser-based applications. Today, employees commonly use Google Workspace, Microsoft 365, or Salesforce; developers…

May 7, 2026

bleepingcomputer.com › news › security

Former US execs plead guilty to aiding tech support scammers

…center agents who asked for hundreds of dollars for fictitious technical services, while impersonating Microsoft and Apple in some cases. Some scammers also allegedly remotely accessed their victims' computers and, in some…

May 22, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

JDownloader site hacked to replace installers with Python RAT malware

…JDownloader is a widely used free download management application that supports automated downloads from file-hosting services, video sites, and premium link generators. The software has been available for more than a…

May 9, 2026 · Lawrence Abrams

bleepingcomputer.com › news › security

New Linux 'Dirty Frag' zero-day gives root on all major distros

…cybersecurity agency warned at the time. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable." In April…

May 8, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

…Added information from Microsoft Threat Intelligence's analysis of a payload delivered via a compromised Mistral AI package.   99% of What Mythos Found Is Still Unpatched. AI chained four zero-days into…

May 12, 2026 · Bill Toulas