bleepingcomputer.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-24.
| Date Added | Resource | Topic | Excerpt |
|---|---|---|---|
| 2026-04-24 | Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks | XSS | Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks https://ift.tt/Ay2mKgb |
| 2026-04-23 | New Checkmarx supply-chain breach affects KICS analysis tool | Supply Chain | New Checkmarx supply-chain breach affects KICS analysis tool https://ift.tt/p2R0T8O |
| 2026-04-22 | Microsoft releases emergency patches for critical ASP.NET flaw | API Sec | Microsoft releases emergency patches for critical ASP.NET flaw https://ift.tt/C9a1UoS |
| 2026-04-22 | New npm supply-chain attack self-spreads to steal auth tokens | Supply Chain | New npm supply-chain attack self-spreads to steal auth tokens https://ift.tt/jx1785i |
| 2026-04-21 | Actively exploited Apache ActiveMQ flaw impacts 6,400 servers | RCE | Actively exploited Apache ActiveMQ flaw impacts 6,400 servers https://ift.tt/TMZ4gHl |
| 2026-04-19 | LiteLLM PyPI Package Compromised in TeamPCP Supply Chain Attack | Python | LiteLLM PyPI Package Compromised in TeamPCP Supply Chain Attack |
| 2026-04-18 | Critical flaw in Protobuf library enables JavaScript code execution | RCE | Critical flaw in Protobuf library enables JavaScript code execution https://ift.tt/4DbZmA7 |
| 2026-04-16 | Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face | RCE | Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face https://ift.tt/TgFiunY |
| 2026-04-14 | Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days | RCE | Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days https://ift.tt/nLAl5mZ |
| 2026-04-13 | OpenAI rotates macOS certs after Axios attack hit code-signing workflow | Supply Chain | OpenAI rotates macOS certs after Axios attack hit code-signing workflow https://ift.tt/lXVxymj |
| 2026-04-12 | Critical Marimo pre-auth RCE flaw now under active exploitation | RCE | Critical Marimo pre-auth RCE flaw now under active exploitation https://ift.tt/EFsl5Bx |
| 2026-04-11 | 10,000+ Docker Hub Images Leaking Credentials | Secrets | 10,000+ Docker Hub Images Leaking Credentials |
| 2026-04-10 | Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor | Supply Chain | Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor https://ift.tt/X5jt3Jc |
| 2026-04-10 | Dangerous runC Flaws Allow Hackers to Escape Docker Containers | RCE | Dangerous runC Flaws Allow Hackers to Escape Docker Containers |
| 2026-04-10 | Max Severity Flowise RCE Vulnerability Now Exploited in Attacks | RCE | Max Severity Flowise RCE Vulnerability Now Exploited in Attacks |
| 2026-04-08 | 13-year-old bug in ActiveMQ lets hackers remotely execute commands | RCE | 13-year-old bug in ActiveMQ lets hackers remotely execute commands https://ift.tt/DqRSxdX |
| 2026-04-07 | Hackers exploit critical flaw in Ninja Forms WordPress plugin | RCE | Hackers exploit critical flaw in Ninja Forms WordPress plugin https://ift.tt/u0UvZxk |
| 2026-04-02 | Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now | RCE | Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now https://ift.tt/v4Mxyoj |
| 2026-03-18 | CISA orders feds to patch Zimbra XSS flaw exploited in attacks | XSS | CISA orders feds to patch Zimbra XSS flaw exploited in attacks https://ift.tt/AV9sfJM |
| 2026-02-20 | Microsoft says bug causes Copilot to summarize confidential emails | AI | Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely ... |
| 2026-02-04 | CISA warns of five-year-old GitLab flaw exploited in attacks | SSRF | CISA has issued a warning about a five-year-old vulnerability in GitLab that is being exploited in attacks. The flaw poses a security risk and has been actively targeted by threat actors. Organizations using GitLab are advised to update their systems to protect against potential exploitation. |
| 2025-10-21 | CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw | SSRF | The Cybersecurity and Infrastructure Security Agency (CISA) has verified that hackers exploited a Server-Side Request Forgery (SSRF) vulnerability in Oracle E-Business Suite. This flaw allowed attackers to manipulate the server into making requests to other systems, potentially leading to unauthorized access or data breaches. It is crucial for organizations using Oracle E-Business Suite to promptly address this vulnerability to prevent exploitation by malicious actors. |
| 2025-04-09 | Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials | SSRF | Hackers are exploiting Server-Side Request Forgery (SSRF) vulnerabilities in Amazon EC2-hosted websites to steal AWS credentials. SSRF bugs allow attackers to send requests from the server to other internal resources, potentially accessing sensitive information like AWS credentials. This type of attack poses a significant risk to organizations hosting their sites on EC2 instances. It is crucial for website owners to regularly update and secure their systems to prevent such attacks and protect their AWS credentials from being compromised. |
| 2024-11-04 | Microsoft SharePoint RCE bug exploited to breach corporate network | RCE | A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. |