Search

bleepingcomputer.com › news › security

Leaked Shai-Hulud malware fuels new npm infostealer campaign

…A threat actor using the account deadcode09284814  published four malicious packages on npm and embedded one of them with a non-obfuscated version of Shai-Hulud that targeted developer credentials, secrets, cryptocurrency…

May 18, 2026 · Bill Toulas

Top stories

bleepingcomputer.com

French govt messaging service breached in account hijacking attack

4d ago

bleepingcomputer.com

Over 20,000 Instagram accounts stolen in Meta AI support hack

5d ago

bleepingcomputer.com

DentaQuest data breach exposed info of 2.6 million accounts

1w ago

bleepingcomputer.com

Instagram users locked out after Meta AI abused to steal accounts

1w ago

bleepingcomputer.com › news › security

Identity Alone Isn't Enough: Why Device Security Has to Share the Load

…base authentication level, and specifies that access decisions should account for whether the device used for the request has the proper security posture. In practice, most organizations still treat authentication as a…

May 20, 2026

bleepingcomputer.com › news › security

Instructure confirms hackers used Canvas flaw to deface portals

Instructure confirms hackers used Canvas flaw to deface portals By Ionut Ilascu May 11, 2026 11:26 AM Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify…

May 11, 2026 · Ionut Ilascu

bleepingcomputer.com › news › security

New Shai-Hulud malware wave compromises 600 npm packages

…The threat actor also used GitHub as a fallback exfiltration mechanism and published stolen data in repositories under victims' accounts, when tokens used for publishing were found. According to application security company…

May 19, 2026 · Bill Toulas

bleepingcomputer.com › news › security

New IronWorm malware hits 36 packages in npm supply-chain attack

…Application security company Ox Security says that the IronWorm attack was detected very early and stopped before it spread to more popular packages on npm. The company provides a list of all…

Jun 4, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Maine breach portal abused to publish fake data breach disclosures

…the hack, claims that steps have been taken to increase security, and what users should do to increase protection for their account. Charles Tupper, Head of Community at VRChat, told BleepingComputer that…

Jun 11, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Charter confirms data breach after ShinyHunters extortion threat

…Since last year, the extortion group has been conducting widespread social engineering campaigns that target employees and BPO agents' Microsoft Entra, Okta, and Google SSO accounts. After gaining access to a corporate…

May 26, 2026 · Lawrence Abrams

bleepingcomputer.com › news › security

Spain arrests doxer leaking sensitive data of govt employees

…to 28,000 stolen accounts INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers Canada arrests three for operating “SMS blaster” device in Toronto Arrest Doxing National Security Police Seizure Spain Bill Toulas…

Jun 1, 2026 · Bill Toulas

bleepingcomputer.com › news › security

5 Steps to Managing Shadow AI Tools Without Slowing Down Employees

…The first step is discovering which AI tools are in use across the organization, and most security teams will find the answer surprising. Three areas account for the majority of shadow AI…

May 18, 2026

bleepingcomputer.com › news › security

Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet

…The findings reveal an increasingly professionalized ecosystem focused on affiliate growth, automation, phishing scalability, wallet-security bypasses, and operational resilience. The analyzed data suggests that modern drainer operations increasingly function similarly to…

May 21, 2026