Search

bleepingcomputer.com › news › security

KnowledgeDeliver flaw exploited as a zero-day to install web shells

…According to the researchers, the malicious code on the platform “convinced users to download a fake installer,” which led to the machine getting infected with a Cobalt Strike beacon, essentially planting a…

May 26, 2026 · Ionut Ilascu

Top stories

bleepingcomputer.com

SAP fixes critical flaws in NetWeaver and Commerce Cloud

6d ago

bleepingcomputer.com

Reducing security operations complexity with Wazuh Cloud

1w ago

bleepingcomputer.com › news › microsoft

Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days

…can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold. This guide covers the 6…

May 12, 2026 · Lawrence Abrams

bleepingcomputer.com › news › security

Instructure confirms hackers used Canvas flaw to deface portals

…According to ShinyHunters, the Instructure breach impacts 8,809 educational organizations (schools, universities, colleges, online platforms) and the hackers claim to have stolen 275 million records belonging to students, teachers, and other…

May 11, 2026 · Ionut Ilascu

bleepingcomputer.com › news › microsoft

Microsoft fixes outage affecting MFA setup, MySignIn service

…can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold. This guide covers the 6…

Jun 1, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

18-year-old NGINX vulnerability allows DoS, potential RCE

…Owned and maintained by American tech firm F5, the web server is used by cloud providers, SaaS companies, banks, media platforms, e-commerce sites, and in Kubernetes clusters. CVE-2026-42945 is…

May 14, 2026 · Bill Toulas

bleepingcomputer.com › news › security

GreyVibe hackers use ChatGPT, Gemini to power cyberattacks

…Fake CAPTCHA/ClickFix pages disguised as Zoom and LAPAS sites trick victims into running self-infecting commands through fake Cloudflare verification prompts. PrincessClub: Fake Ukrainian adult/dating websites delivering FallSpy Android spyware…

May 28, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Police seize “First VPN” service used in ransomware, data theft attacks

…can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold. This guide covers the 6…

May 21, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Laravel Lang packages hijacked to deploy credential-stealing malware

…The downloaded PHP payload [ VirusTotal ] was a large cross-platform credential stealer for Linux, macOS, and Windows that harvests cloud credentials, Kubernetes secrets, Vault tokens, Git credentials, CI/CD secrets, SSH keys…

May 23, 2026 · Lawrence Abrams

bleepingcomputer.com › news › security

Canvas login portals hacked in mass ShinyHunters extortion campaign

…Last week, Instructure disclosed that it was investigating a cyberattack after threat actors claimed to have stolen 280 million student and staff records tied to 8,809 schools , universities, and education platforms…

May 7, 2026 · Lawrence Abrams

bleepingcomputer.com › news › security

Nottingham University data breach affects over 450,000 students

…Nottingham University is the second UK university to have disclosed a data breach in recent days, with the University of Oxford revealing last week that its CareerConnect career services platform had been…

Jun 11, 2026 · Sergiu Gatlan