Search

bleepingcomputer.com › news › security

Critical vm2 sandbox bug lets attackers execute code on hosts

…The security issue is tracked as CVE-2026-26956 and has been confirmed to impact vm2 version 3.10.4, although earlier releases may also be vulnerable. Proof-of-concept (PoC) exploit…

May 6, 2026 · Bill Toulas

Top stories

bleepingcomputer.com

New IronWorm malware hits 36 packages in npm supply-chain attack

1d ago

bleepingcomputer.com

WordPress malware campaign hides payloads in Steam profiles

4d ago

bleepingcomputer.com

ChatGPT share links abused to host fake outage pages to deliver malware

1w ago

bleepingcomputer.com

GPU mining malware spreads via SEO poisoning, AI chatbots

1w ago

bleepingcomputer.com › news › artificial-intelligence

Anthropic’s restricted Claude Mythos model may be coming to Claude Code

…On April 7, Anthropic announced the Mythos in early preview and called it a new frontier model with strikingly advanced capabilities in computer security tasks. Anthropic said the Mythos model shows major…

May 25, 2026 · Mayank Parmar

bleepingcomputer.com › news › security

Trend Micro warns of Apex One zero-day exploited in the wild

…Apex One is Trend Micro's enterprise-grade endpoint security platform that protects corporate networks from a wide range of security threats, including malware, ransomware, fileless attacks, and web-based threats. Tracked…

May 22, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Dashlane password manager users locked out by brute force attacks

…In a statement to BleepingComputer, the password management service confirmed that the suspensions were part of an automated security response designed to protect against account hijacking. “We can confirm that certain Dashlane…

Jun 1, 2026 · Bill Toulas

bleepingcomputer.com › news › security

KnowledgeDeliver flaw exploited as a zero-day to install web shells

…The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger…

May 26, 2026 · Ionut Ilascu

bleepingcomputer.com › news › security

Critical Kirki flaw exploited to hijack WordPress admin accounts

…The attacks were detected by WordPress security firm Defiant, whose Wordfence firewall blocked over 222 attempts against its customers in the past 24 hours. The full name of the plugin is Kirki…

Jun 2, 2026 · Bill Toulas

bleepingcomputer.com › news › security

GitHub investigates internal repositories breach claimed by TeamPCP

…In March, the hacker group also compromised Aqua Security's Trivy vulnerability scanner , which is believed to have led to cascading compromises affecting Aqua Security Docker images and the Checkmarx KICS project…

May 20, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Glassworm botnet disrupted after resilient C2 infrastructure takedown

…The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger…

May 27, 2026 · Ionut Ilascu

bleepingcomputer.com › news › security

Discord rolls out end-to-end encryption on voice, video calls

…No opt-in required.” - Discord DAVE was first introduced in September 2024 , developed with assistance and auditing from Trail of Bits, to secure audio and video calls, group chats, voice channels, and…

May 19, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Instagram users locked out after Meta AI abused to steal accounts

…After changing the email address, the attacker could initiate a password reset process and receive the required security code for gaining access to the account. Some online reports claim that the @e…

Jun 2, 2026 · Bill Toulas