Search

bleepingcomputer.com › news › security

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

…XLab has observed multiple payloads being used in these attacks, including DLL loaders, JavaScript droppers, and an Electron-based malware sample named UtilifySetup.exe. Mitigating the risk The most important course of…

May 24, 2026 · Bill Toulas

wired.com › story

Hackers Are Posting the Claude Code Leak With Bonus Malware

…headlines to read the full stories. And stay safe out there. Hackers Are Posting the Claude Code Leak With Bonus Malware Earlier this week, a security researcher flagged that Anthropic accidentally made…

Apr 4, 2026 · Andy Greenberg

theregister.com › security › 2026 › …

CPUID hijacked to serve malware as HWMonitor downloads

Security CPUID site hijacked to serve malware instead of HWMonitor downloads Six-hour breach turned trusted links into a coin toss between legit tools and credential stealers Visitors to the CPUID website…

Apr 10, 2026 · Carly Page

theregister.com › security › 2026 › …

Snoops plant info-stealing malware on iPhones, Google warns

…is a well-funded, well-connected but technically less sophisticated threat actor whose goals include both financial gain and espionage aligned with Russian intelligence requirements." ® security research malware iphone google cloud cybercrime

Mar 18, 2026 · Jessica Lyons

Top stories

tomshardware.com

New malware campaign tricks AI scanners with fake nuclear weapon prompts — malicious code triggers safety failsafes so scanners skip the payload

6d ago

techradar.com

Fake X-VPN installers found to spread credential-stealing malware — here's how to stay safe

1w ago

bleepingcomputer.com

GitHub disables Microsoft repos pushing password-stealing malware

1w ago

bleepingcomputer.com

NFCShare Android malware spreads via fake banking app updates on GitHub

1w ago

bleepingcomputer.com › news › security

Why Account Takeovers Are Rising and How to Stop Them

…Attackers obtain usernames and passwords through infostealer malware , phishing campaigns or credential dumps from previous breaches. While multi-factor authentication (MFA) is still one of the most important defenses against account compromise…

Jun 17, 2026

bleepingcomputer.com › news › security

Ransomware gang abuses Microsoft Teams relays to hide malicious traffic

…campaign use exceptionally sophisticated cyber tradecraft." Symantec has published a complete list of indicators of compromise (IoCs) to help defenders catch and block such attacks. Test every layer before attackers do Security…

Jun 16, 2026 · Bill Toulas

bleepingcomputer.com › news › security

WhatsApp says it disrupted new NSO spyware phishing attacks

WhatsApp says it disrupted new NSO spyware phishing attacks By Bill Toulas June 8, 2026 02:40 PM WhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group…

Jun 8, 2026 · Bill Toulas

bleepingcomputer.com › news › security

New TCLBanker malware self-spreads over WhatsApp and Outlook

…Additionally, the malware includes self-spreading worm modules for WhatsApp and Outlook that automatically infect new victims. The new banking trojan was discovered by Elastic Security Labs , whose researchers believe it’s…

May 7, 2026 · Bill Toulas

github.blog › security › supply-chain-security

A year of open source vulnerability trends: CVEs, advisories, and malware

…CVE CVSS CWE Dependabot EPSS GitHub Security Lab malware vulnerability Written by Security Analyst, curator of the GitHub Advisory Database, and one of the members of the Security Lab responsible for issuing…

Mar 26, 2026 · Jonathan Evans

bleepingcomputer.com › news › security

GitHub announces npm security changes to tackle supply-chain attacks

…Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen. The Picus whitepaper shows how breach and…

Jun 10, 2026 · Bill Toulas