BleepingComputer

⚠️ Hackers are targeting WordPress sites running WP Maps Pro 6.1.0 and older to create rogue administrator accounts without authentication via CVE-2026-8732. 🔧 A fix was released in WP Maps Pro 6.1.1 on May 20, while researchers blocked more than 3,600 exploitation attempts in the past 24 hours. ➡️ https://lnkd.in/evuGPWxv #WordPress #WPMapsPro #CVE20268732 #cybersecurity

🔐 Palo Alto Networks warns CVE-2026-0257 in PAN-OS GlobalProtect is now being actively exploited against unpatched devices to bypass authentication and establish unauthorized VPN connections. ⚠️ Organizations should install the latest security updates or mitigate by disabling authentication override cookies or using a different certificate for that feature. ➡️ https://lnkd.in/ev9DYgp3 #cybersecurity #PaloAltoNetworks #VPN #CVE20260257

🔐 The CIFSwitch Linux kernel flaw could let local attackers forge cifs.spnego requests, abuse the key request mechanism, and gain root privileges on multiple distributions. ��️ A kernel patch now validates cifs.spnego request origins, and recommended mitigations include disabling unused CIFS, removing unnecessary cifs-utils, and disabling unprivileged user namespaces. ➡️ https://lnkd.in/eSkEDYF4 #Linux #CIFS #PrivilegeEscalation #cybersecurity

🚨 Threat actors used Google ads and ChatGPT share links to show fake OpenAI outage pages that pushed users to download malware disguised as the ChatGPT desktop app. 🛑 The campaign used a legitimate chatgpt.com shared page and a cloaked fake download site serving macOS and Windows malware to targeted victims. ➡️ https://lnkd.in/eDvKaEJk #cybersecurity #ChatGPT #OpenAI #malware

⚖️ California AG Rob Bonta sued 23andMe over a 2023 breach that exposed genetic and personal data of roughly 6.9 million customers, including 855,541 Californians. 🧬 The complaint says 23andMe lacked reasonable safeguards against credential-stuffing, missed chances to detect the intrusion, failed to catch a DNA Relatives coding error, and made misleading statements before and after the incident. ➡️ https://lnkd.in/eepX3MWT #23andMe #DataBreach #Privacy #cybersecurity

🌐 DDoS attacks are increasingly being sold like subscription services, complete with pricing tiers, support, and reseller programs. 🛡️ Flare explores how the DDoS-as-a-Service market has evolved from scattered tools into polished attack platforms. ➡️ https://lnkd.in/eBmaYs-b #cybersecurity #sponsored

🛑 Dutch authorities took offline a botnet of at least 17 million infected devices and seized more than 200 servers in the Netherlands. 📱 The seized servers controlled computers, tablets, and smartphones to carry out cyberattacks, according to the authorities. ➡️ https://lnkd.in/e75kuzFq #cybersecurity #botnet #DDoS #Netherlands

🔐 Google says Chrome Device Bound Session Credentials is now generally available and rolling out to all users to prevent account takeovers by cryptographically binding session cookies to a specific device. 🛡️ Google says DBSC will be enabled by default for all Google Workspace customers upon rollout and administrators cannot disable it. ➡️ https://lnkd.in/ep6pqNPV #GoogleChrome #GoogleWorkspace #MFA #cybersecurity

⚡ Network incidents are often detected quickly, but investigations can still slow resolution. Join our June 2 webinar with Tines to learn how automation and AI-assisted workflows can help IT teams move from alert to resolution faster. 🎯 https://lnkd.in/em8y2vAP #webinar #networking #cybersecurity

🔒 A North Carolina man was sentenced to 121 months in prison for selling the personal data of over 7 million elderly Americans to scammers. ⚖️ Court documents say he sent at least 22,000 lead lists between 2016 and 2023, generating more than $5.2 million and causing victim losses exceeding $9.5 million. ➡️ https://lnkd.in/eWy7rU6J #cybersecurity #ElderFraud #WireFraud