Breaking cybersecurity and technology news, guides, and tutorials that help you get the most from your computer. DMs are open, so send us those tips!https://bsky.app/profile/bleepingcomputer.comhttps://bsky.app/profile/bleepingcomputer.com/post/3mlw2zzba3m26A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. https://www.bleepingcomputer.com/news/security/funnel-builder-wordpress-plugin-bug-exploited-to-steal-credit-cards/15 May 2026 15:30 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlw2zzba3m26https://bsky.app/profile/bleepingcomputer.com/post/3mlvvbozols2g​During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. https://www.bleepingcomputer.com/news/security/pwn2own-day-two-hackers-demo-microsoft-exchange-windows-11-red-had-enterprise-linux-zero-days/15 May 2026 13:47 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlvvbozols2ghttps://bsky.app/profile/bleepingcomputer.com/post/3mlvt7yf34f2uHackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. https://www.bleepingcomputer.com/news/security/popular-node-ipc-npm-package-compromised-to-steal-credentials/15 May 2026 13:10 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlvt7yf34f2uhttps://bsky.app/profile/bleepingcomputer.com/post/3mlvp3zjubq2mTwo vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database. https://www.bleepingcomputer.com/news/security/avada-builder-wordpress-plugin-flaws-allow-site-credential-theft/15 May 2026 11:57 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlvp3zjubq2mhttps://bsky.app/profile/bleepingcomputer.com/post/3mlvmhejdec2kMicrosoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was "by design." https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-to-stop-loading-cleartext-passwords-in-memory-on-startup/15 May 2026 15:09 +0000at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlvmhejdec2khttps://bsky.app/profile/bleepingcomputer.com/post/3mlvdjpognn2kMicrosoft is introducing a new Windows Update capability that will allow it to remotely roll back problematic Windows drivers delivered through Windows Update. https://www.bleepingcomputer.com/news/microsoft/microsoft-to-automatically-roll-back-faulty-windows-drivers/15 May 2026 08:30 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlvdjpognn2khttps://bsky.app/profile/bleepingcomputer.com/post/3mlv23astef2kOn Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-exchange-zero-day-flaw-exploited-in-attacks/15 May 2026 05:40 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlv23astef2khttps://bsky.app/profile/bleepingcomputer.com/post/3mltvr6umjm26The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. https://www.bleepingcomputer.com/news/security/teampcp-hackers-advertise-mistral-ai-code-repos-for-sale/14 May 2026 18:51 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mltvr6umjm26https://bsky.app/profile/bleepingcomputer.com/post/3mltpy4c7vx2fHackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. https://www.bleepingcomputer.com/news/security/hackers-exploit-auth-bypass-flaw-in-burst-statistics-wordpress-plugin/14 May 2026 17:07 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mltpy4c7vx2fhttps://bsky.app/profile/bleepingcomputer.com/post/3mltmrobuwa2uCisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on compromised devices. https://www.bleepingcomputer.com/news/security/cisco-warns-of-new-critical-sd-wan-flaw-exploited-in-zero-day-attacks/14 May 2026 16:10 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mltmrobuwa2uhttps://bsky.app/profile/bleepingcomputer.com/post/3mltjbqch4y2wOpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution. https://www.bleepingcomputer.com/news/security/openai-confirms-security-breach-in-tanstack-supply-chain-attack/14 May 2026 15:07 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mltjbqch4y2whttps://bsky.app/profile/bleepingcomputer.com/post/3mltijjlpn62kOn the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days. https://www.bleepingcomputer.com/news/security/windows-11-and-microsoft-edge-hacked-on-first-day-of-pwn2own-berlin-2026/14 May 2026 14:54 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mltijjlpn62khttps://bsky.app/profile/bleepingcomputer.com/post/3mlt5vpxyzi2gAn 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution. https://www.bleepingcomputer.com/news/security/18-year-old-nginx-vulnerability-allows-dos-potential-rce/14 May 2026 11:44 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlt5vpxyzi2ghttps://bsky.app/profile/bleepingcomputer.com/post/3mlss44trd72lInitial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks. https://www.bleepingcomputer.com/news/security/kongtuke-hackers-now-use-microsoft-teams-for-corporate-breaches/14 May 2026 08:12 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlss44trd72lhttps://bsky.app/profile/bleepingcomputer.com/post/3mlskvi4wpo2mDell confirmed that its SupportAssist software is causing blue-screen crashes on some Windows systems following a wave of user reports about random reboots affecting Dell devices since Friday. https://www.bleepingcomputer.com/news/software/dell-confirms-its-supportassist-software-causes-windows-bsod-crashes/14 May 2026 06:03 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlskvi4wpo2mhttps://bsky.app/profile/bleepingcomputer.com/post/3mlsh4etayt2vThe alleged main administrator of Dream Market Incognito Market, one of the largest dark web marketplaces before its shutdown, has been indicted in the United States on money laundering charges. https://www.bleepingcomputer.com/news/security/us-charges-suspected-dream-market-admin-arrested-in-germany/14 May 2026 04:56 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlsh4etayt2vhttps://bsky.app/profile/bleepingcomputer.com/post/3mlscdil7ah26Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnasia and tracked as CVE-2026-46300) that allows attackers to run malicious code as root. https://www.bleepingcomputer.com/news/security/new-fragnesia-linux-flaw-lets-attackers-gain-root-privileges/14 May 2026 03:30 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlscdil7ah26https://bsky.app/profile/bleepingcomputer.com/post/3mlrdrkii332uWest Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data exfiltration and system encryption. https://www.bleepingcomputer.com/news/security/west-pharmaceutical-says-hackers-stole-data-encrypted-systems/13 May 2026 18:23 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlrdrkii332uhttps://bsky.app/profile/bleepingcomputer.com/post/3mlrcgme7dm26The Iran-linked hacking group MuddyWater (a.k.a. Seedworm, Static Kitten) launched a broad cyber-espionage campaign targeting at least nine high-profile organizations across multiple sectors and countries. https://www.bleepingcomputer.com/news/security/iranian-hackers-targeted-major-south-korean-electronics-maker/13 May 2026 17:59 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlrcgme7dm26https://bsky.app/profile/bleepingcomputer.com/post/3mlr53j5mtz2mA critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. https://www.bleepingcomputer.com/news/security/new-critical-exim-mailer-flaw-allows-remote-code-execution/13 May 2026 16:24 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlr53j5mtz2mhttps://bsky.app/profile/bleepingcomputer.com/post/3mlqqhej2yc2uA cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw. https://www.bleepingcomputer.com/news/security/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released/13 May 2026 12:38 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlqqhej2yc2uhttps://bsky.app/profile/bleepingcomputer.com/post/3mlqnewnxjv2vMicrosoft has addressed a known issue causing some Windows 11 systems to boot into BitLocker recovery after installing the April 2026 Windows security updates. https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bitlocker-recovery-issue-only-for-windows-11-users/13 May 2026 11:43 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlqnewnxjv2vhttps://bsky.app/profile/bleepingcomputer.com/post/3mlqjntua2r2gMicrosoft has fixed a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some Autopatch-managed Windows devices in the European Union. https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-autopatch-bug-installing-restricted-drivers/13 May 2026 10:36 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlqjntua2r2ghttps://bsky.app/profile/bleepingcomputer.com/post/3mlqdpsszxm2mFoxconn, the world's largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack. https://www.bleepingcomputer.com/news/security/electronics-giant-foxconn-confirms-cyberattack-on-north-american-factories/13 May 2026 08:50 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlqdpsszxm2mhttps://bsky.app/profile/bleepingcomputer.com/post/3mlqalnufa42uMicrosoft says some customers are experiencing issues downloading and installing Office on their Windows 365 devices. https://www.bleepingcomputer.com/news/microsoft/microsoft-says-some-users-cant-install-office-on-windows-365-devices/13 May 2026 07:54 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlqalnufa42uhttps://bsky.app/profile/bleepingcomputer.com/post/3mlovvryoxx2gThe U.S. House Committee on Homeland Security is calling on Instructure executives to testify about two cyberattacks by the ShinyHunters extortion group that targeted the company's Canvas platform, allowing threat actors to steal student data and disrupt schools during final exams. https://www.bleepingcomputer.com/news/security/us-govt-seeks-instructure-testimony-on-massive-canvas-cyberattack/12 May 2026 19:10 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlovvryoxx2ghttps://bsky.app/profile/bleepingcomputer.com/post/3mlomb2647k2fThe Information Commissioner's Office has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 ($1.3 million) over a cyberattack that exposed the personal data of 663,887 customers and employees. https://www.bleepingcomputer.com/news/security/uk-fines-water-supplier-13m-for-exposing-data-of-664k-customers/12 May 2026 16:17 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlomb2647k2fhttps://bsky.app/profile/bleepingcomputer.com/post/3mlok74jbhh2gSignal has introduced new in-app confirmations and warning messages as additional safeguards against phishing and social engineering attempts that could lead to various forms of fraud. https://www.bleepingcomputer.com/news/security/signal-adds-security-warnings-for-social-engineering-phishing-attacks/12 May 2026 15:40 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlok74jbhh2ghttps://bsky.app/profile/bleepingcomputer.com/post/3mlohu2yt2s2gMicrosoft has released the Windows 10 KB5087544 extended security update to fix the May 2026 Patch Tuesday vulnerabilities and resolve an issue with the new Remote Desktop warnings. https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5087544-extended-security-update/12 May 2026 14:58 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlohu2yt2s2ghttps://bsky.app/profile/bleepingcomputer.com/post/3mlofur2pnz26Fortinet has released security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code. https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-rce-flaws-in-fortisandbox-and-fortiauthenticator/12 May 2026 14:23 -0400at://did:plc:kbdifeeymt5ppkl4gtq3i7be/app.bsky.feed.post/3mlofur2pnz26