- Laravel Lang packages hijacked to deploy credential-stealing malware
by Lawrence Abrams on May 23, 2026 at 8:48 pmA supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages. […]
- Italy disrupts CINEMAGOAL piracy app that stole streaming auth codesby Bill Toulas on May 23, 2026 at 2:23 pm
Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. […]
- Netherlands seizes 800 servers of hosting firm enabling cyberattacksby Bill Toulas on May 22, 2026 at 5:24 pm
Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns. […]
- Former US execs plead guilty to aiding tech support scammersby Sergiu Gatlan on May 22, 2026 at 3:32 pm
Two former executives of a call-tracking and analytics company pleaded guilty to concealing a years-long tech support fraud scheme that victimized individuals worldwide. […]
- Trend Micro warns of Apex One zero-day exploited in the wildby Sergiu Gatlan on May 22, 2026 at 1:39 pm
Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. […]
- Drupal: Critical SQL injection flaw now targeted in attacksby Bill Toulas on May 22, 2026 at 1:14 pm
Drupal is warning that hackers are attempting to exploit a “highly critical” SQL injection vulnerability announced earlier this week. […]
- Why Chargebacks are Just One Piece of the Fraud Puzzleby Sponsored by IPQS on May 22, 2026 at 1:09 pm
Fraud losses don’t stop at chargebacks. False declines, account takeovers, and abuse also damage revenue and trust. IPQS breaks down why fraud teams need broader visibility into risk and customer impact. […]
- Ubiquiti patches three max severity UniFi OS vulnerabilitiesby Sergiu Gatlan on May 22, 2026 at 12:00 pm
Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without privileges. […]
- US and Canada arrest and charge suspected Kimwolf botnet adminby Sergiu Gatlan on May 22, 2026 at 9:01 am
U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide. […]
- Google accidentally exposed details of unfixed Chromium flawby Bill Toulas on May 21, 2026 at 6:13 pm
Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background even when the browser is closed, allowing remote code execution on the device. […]
- Apple blocked over $11 billion in App Store fraud in 6 yearsby Sergiu Gatlan on May 21, 2026 at 3:11 pm
Apple revealed that it blocked over $11 billion in fraudulent App Store transactions over the last six years, more than $2.2 billion in potentially fraudulent App Store transactions in 2025 alone. […]
- Inside a Crypto Drainer: How to Spot it Before it Empties Your Walletby Sponsored by Flare on May 21, 2026 at 2:00 pm
Modern crypto drainers don’t hack wallets. They trick users into approving malicious transactions. Flare explores how the Lucifer DaaS platform scales wallet theft through phishing and automation. […]
- Chinese hackers target telcos with new Linux, Windows malwareby Bill Toulas on May 21, 2026 at 2:00 pm
A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows malware dubbed Showboat and JFMBackdoor, respectively. […]
Bleeping Computer Cyber Security
We are an ethical website cyber security team and we perform security assessments to protect our clients.