Search

bleepingcomputer.com › news › security

Popular node-ipc npm package compromised to steal credentials

…The recent supply-chain attack was detected by multiple application security companies, including Socket , Ox Security , and Upwind , who confirmed the following three versions as malicious: node-ipc@9.1.6 node…

May 15, 2026 · Bill Toulas

Top stories

bleepingcomputer.com

Why AI-driven threats are exposing the limits of MSP security stacks

2d ago

bleepingcomputer.com

GitHub announces npm security changes to tackle supply-chain attacks

3d ago

bleepingcomputer.com

ServiceNow discloses security incident exposing customer data

4d ago

bleepingcomputer.com

Reducing security operations complexity with Wazuh Cloud

5d ago

bleepingcomputer.com › news › security

Hackers exploit FortiClient EMS flaw to push infostealer malware

…CISA reacted quickly to the malicious activity and ordered federal agencies to secure their instances by the end of that week, while the internet security watchdog group The Shadowserver Foundation reported at…

May 28, 2026 · Bill Toulas

bleepingcomputer.com › news › microsoft

Microsoft says some users can't install Office on Windows 365 devices

…However, the company has also tagged this ongoing incident as an advisory, a flag commonly used to describe service issues typically involving limited scope or impact. Until the issue is resolved, those…

May 13, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Dutch govt disrupts malware botnet with 17 million infected devices

…The action was carried out following an investigation from the Police in collaboration with the country's cybersecurity agency, the National Cyber ​​Security Centre (NCSC). According to the authorities, the seized servers…

May 29, 2026 · Bill Toulas

bleepingcomputer.com › news › security

WordPress malware campaign hides payloads in Steam profiles

…Since the campaign was first uncovered in July 2025, GoDaddy security engineers have found malware on approximately 1,980 WordPress websites. It is unclear how the hackers breach the websites, but researchers…

Jun 1, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Google accidentally exposed details of unfixed Chromium flaw

…The flaw was reported by security researcher Lyra Rebane and acknowledged as valid in December 2022, as per the thread on Chromium Issue Tracker. An attacker could exploit the problem to create…

May 21, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Leaked Shai-Hulud malware fuels new npm infostealer campaign

…Researchers at OXsecurity, a company that secures applications from code to runtime, discovered the malicious uploads over the weekend and noticed that the threat actor used misspelled names (typosquatting) targeting Axios users…

May 18, 2026 · Bill Toulas

bleepingcomputer.com › news › security

New TCLBanker malware self-spreads over WhatsApp and Outlook

…The new banking trojan was discovered by Elastic Security Labs , whose researchers believe it’s a major evolution of the older Maverick/Sorvepotel malware family. While TCLBanker currently appears focused in Brazil…

May 7, 2026 · Bill Toulas

bleepingcomputer.com › news › security

New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute

…Discovered by OpenAI's Codex software agent under the guidance of researchers at offensive security firm Calif, HTTP/2 Bomb combines two previously known HTTP/2 DoS methods: the HPACK compression amplification…

Jun 3, 2026 · Bill Toulas

bleepingcomputer.com › news › security

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

…Why security alone won't stop modern attacks FBI links cybercriminals to sharp surge in cargo theft attacks Webinar: From phishing to fallout — Why MSPs must rethink both security and recovery Cybersecurity…

May 25, 2026 · Lawrence Abrams