Critical vm2 sandbox bug lets attackers execute code on hosts
…The security issue is tracked as CVE-2026-26956 and has been confirmed to impact vm2 version 3.10.4, although earlier releases may also be vulnerable. Proof-of-concept (PoC) exploit…
Search
Top stories
Path traversal flaw in AI dev platform Langflow exploited in attacks
…Although Tenable did not mention a fix in its advisory, Snyk Security reported on March 30, 2026, that the issue was fixed in the langflow-base package version 0.8.3, while…
Charter Communications data breach affects 4.9 million accounts
…The company confirmed the breach earlier this week, saying that the attackers did not steal sensitive personal customer information and that it had alerted authorities about the incident. "No sensitive personal information…
phpBB forum fixes auth bypass bug lurking for a decade
…Researchers at application security company Aikido found the bug on June 2nd and reported it through the developer's HackerOne Vulnerability Disclosure Program. phpBB responded to the report immediately and addressed the…
Google patches new Chrome zero-day flaw exploited in the wild
…While Google says the security update could take days or weeks to reach all Chrome users, the update was available immediately when BleepingComputer checked for updates earlier today. Users who prefer not…
Microsoft Defender can now automatically isolate hacked endpoints
…Microsoft explained, they can also be released from containment at any time by security operators after completing the incident investigation and mitigating the risks. To release a device from automatic isolation, select…
WhatsApp says it disrupted new NSO spyware phishing attacks
…courts, securing a permanent injunction against it in 2025, a declaration of liability for 1,400 infections, and an associated $167,000,000 fine . According to Meta’s latest announcement, these prior…
Funnel Builder WordPress plugin bug exploited to steal credit cards
…E-commerce security company Sansec detected the malicious activity and noticed that the payload (analytics-reports[.]com/wss/jquery-lib.js) is disguised as a fake Google Tag Manager/Google Analytics script…
Critical Kirki flaw exploited to hijack WordPress admin accounts
…The attacks were detected by WordPress security firm Defiant, whose Wordfence firewall blocked over 222 attempts against its customers in the past 24 hours. The full name of the plugin is Kirki…
GitHub investigates internal repositories breach claimed by TeamPCP
…In March, the hacker group also compromised Aqua Security's Trivy vulnerability scanner , which is believed to have led to cascading compromises affecting Aqua Security Docker images and the Checkmarx KICS project…