Search

bleepingcomputer.com › news › security

CISA orders feds to patch actively exploited Ivanti flaw by Sunday

…the-wild exploitation, the Shadowserver Internet security watchdog reported that attackers had already backdoored many of the Sentry gateways exposed online. Ivanti has yet to update its advisory to warn that CVE…

Jun 12, 2026 · Sergiu Gatlan

Top stories

bleepingcomputer.com

ServiceNow discloses security incident exposing customer data

6d ago

bleepingcomputer.com

Windows 11 KB5094126 & KB5093998 cumulative updates released

6d ago

bleepingcomputer.com

Microsoft blames unexpected Windows driver updates on caching issue

1w ago

bleepingcomputer.com › news › security

New Gogs zero-day flaw lets hackers get remote code execution

…The researcher reported the security flaw to the Gogs maintainers on March 17, but they have yet to provide a patch or respond to further requests for a status update, despite acknowledging…

May 28, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › microsoft

Critical Windows Netlogon RCE flaw now exploited in attacks

…On Friday, Belgium's national cybersecurity authority (CCB) warned that attackers are now actively exploiting the CVE-2026-41089 security flaw in the wild and urged admins to immediately patch vulnerable servers…

Jun 1, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › microsoft

Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges

…The flaw was reportedly tested against Windows 11 Official and Canary builds, as well as Windows 10 systems with the June 2026 security updates installed. When successful, a Windows command prompt will…

Jun 9, 2026 · Lawrence Abrams

bleepingcomputer.com › news › security

Funnel Builder WordPress plugin bug exploited to steal credit cards

…security advisory from the vendor, seen by Sansec, confirms the malicious activity, saying “we identified an issue that allowed bad actors to inject scripts.” The vendor recommends that website owners and administrators…

May 15, 2026 · Bill Toulas

bleepingcomputer.com › news › security

C0XMO botnet spreads via DD-WRT router flaw, kills rival malware

…Fortinet researchers discovered C0XMO and highlighted its modular design, which allows operators to update its exploitation techniques, add/remove targeted architectures, and expand its lateral movement capabilities independently of the main payload…

Jun 7, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet

…Discord or Telegram admins privately messaging users first. Websites asking users to disable wallet security protections. Wallet drained immediately after signing a message instead of sending funds manually. Any platform pressuring users…

May 21, 2026

bleepingcomputer.com › news › security

New GhostLock tool abuses Windows API to block file access

…PoC released Microsoft testing adjustable taskbar, Start menu in Windows 11 Microsoft confirms Windows 11 security update install issues CreateFileW File Lock GhostLock SMB Windows Lawrence Abrams Lawrence Abrams is the owner…

May 11, 2026 · Lawrence Abrams

bleepingcomputer.com › news › security

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

…contains 230 vendor names and is constantly updated. eSentire recommends disabling the OAuth device code flow when not needed, restricting OAuth consent permissions, requiring admin approval for third-party apps, enabling Continuous…

May 17, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Critical UniFi OS bug lets hackers gain root without authentication

…However, organizations should confirm that the update is installed on a system that has not been compromised. Test every layer before attackers do Security teams log 54% of successful attacks and alert…

Jun 8, 2026 · Bill Toulas