Search

bleepingcomputer.com › news › security

VS Code zero-day lets hackers steal GitHub tokens in one click

…As researcher Ammar Askar explained in a blog post on Tuesday, this VS Code vulnerability allows attackers to install malicious extensions that steal GitHub OAuth tokens when they are passed to github…

Jun 3, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

New Fragnesia Linux flaw lets attackers gain root privileges

…rmmod esp4 esp6 rxrpc printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf Fragnasia's disclosure comes as Linux distros are still…

May 14, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

New Linux 'Dirty Frag' zero-day gives root on all major distros

…sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true" This new zero…

May 8, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

New TCLBanker malware self-spreads over WhatsApp and Outlook

…This guide covers the 6 surfaces you actually need to validate. Download Now Related Articles: New GoGra malware for Linux uses Microsoft Graph API for comms Cybercrime service disrupted for abusing Microsoft…

May 7, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks

…Organizations using GlobalProtect VPN devices should immediately install the latest security updates to patch the flaws. Admins can also mitigate the flaw by turning off the authentication override feature or utilizing a…

May 30, 2026 · Lawrence Abrams

bleepingcomputer.com › news › security

Critical Kirki flaw exploited to hijack WordPress admin accounts

…Once an attacker gains admin-level access, they could install malicious plugins, modify website content, deploy web shells or persistent backdoors, and access private databases. The flaw was discovered by security researcher…

Jun 2, 2026 · Bill Toulas

bleepingcomputer.com › news › microsoft

Microsoft blames macOS update for undismissible Teams location prompts

…This guide covers the 6 surfaces you actually need to validate. Download Now Related Articles: Kali Linux can now run in Apple containers on macOS systems SHub macOS infostealer variant spoofs Apple…

May 19, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

WP Maps Pro bug exploited to create admin accounts on WordPress sites

…This guide covers the 6 surfaces you actually need to validate. Download Now Related Articles: Hackers exploit critical flaw in Ninja Forms WordPress plugin Avada Builder WordPress plugin flaws allow site credential…

May 31, 2026 · Bill Toulas

bleepingcomputer.com › news › security

UK fines water supplier $1.3M for exposing data of 664k customers

…This guide covers the 6 surfaces you actually need to validate. Download Now Related Articles: UK fines LastPass over 2022 data breach impacting 1.6 million users GM agrees to $12.75M…

May 12, 2026 · Bill Toulas

bleepingcomputer.com › news › security

GitHub investigates internal repositories breach claimed by TeamPCP

…GitHub has now confirmed the breach of ~3,800 internal repositories after an employee installed a malicious VS Code extension. GitHub is investigating a breach of its internal repositories after the TeamPCP…

May 20, 2026 · Sergiu Gatlan