Search

bleepingcomputer.com › news › security

Leaked Shai-Hulud malware fuels new npm infostealer campaign

…Shai Hulud attack ships signed malicious TanStack, Mistral npm packages Popular node-ipc npm package compromised to steal credentials TeamPCP hackers advertise Mistral AI code repos for sale OpenAI confirms security breach…

May 18, 2026 · Bill Toulas

Top stories

bleepingcomputer.com

ServiceNow discloses security incident exposing customer data

2d ago

bleepingcomputer.com

New Apple feature automatically changes your compromised passwords

3d ago

bleepingcomputer.com

Hola Browser for Windows compromised to deliver cryptominer

1w ago

bleepingcomputer.com

Red Hat npm packages compromised to steal developer credentials

1w ago

bleepingcomputer.com › news › security

Ivanti: Max severity Sentry flaw allows code execution as root

…Formerly known as MobileIron Sentry, Ivanti Sentry is a security gateway appliance that secures traffic between back-end corporate systems and remote mobile devices. Tracked as CVE-2026-10520 , the maximum-severity…

Jun 10, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Chinese APT deploys new malware to keep access to hacked networks

…The researchers compiled a list of indicators of compromise (IOCs) linked to the investigated UNC5221 campaign and published them here . Test every layer before attackers do Security teams log 54% of successful…

Jun 5, 2026 · Bill Toulas

bleepingcomputer.com › news › security

CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day

…One case involved confirmed post-compromise activity associated with Qilin ransomware affiliate," the company said. "Customers using IKEv1 key exchange protocol are strongly encouraged to apply the available security updates immediately." Check…

Jun 9, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet

…Unlike traditional malware operations, crypto drainers typically rely on social engineering rather than device compromise. Victims are lured to fake crypto, NFT, airdrop, or DeFi websites and asked to connect their wallets…

May 21, 2026

bleepingcomputer.com › news › security

Check Point links VPN zero-day attacks to Qilin ransomware gang

…One case involved confirmed post-compromise activity associated with Qilin ransomware affiliate. Customers using IKEv1 key exchange protocol are strongly encouraged to apply the available security updates immediately." Check Point also shared…

Jun 8, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

CISA flags two-year-old Oracle flaw as actively exploited in attacks

…vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server," Oracle said when it released security patches for CVE-2024-21182 in July 2024 . "Successful attacks of…

Jun 2, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

DentaQuest data breach exposed info of 2.6 million accounts

…The security incident came to light last month, when the infamous extortion group ShinyHunters listed the company on its data leak site and claimed to have stolen more than 234 GB of…

Jun 4, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Spain arrests doxer leaking sensitive data of govt employees

…According to authorities, the individual is responsible for a massive leak of personal data, which carried national security risks because of the people exposed. The police notes that the published data was…

Jun 1, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Instructure confirms hackers used Canvas flaw to deface portals

Instructure confirms hackers used Canvas flaw to deface portals By Ionut Ilascu May 11, 2026 11:26 AM Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify…

May 11, 2026 · Ionut Ilascu