Funnel Builder WordPress plugin bug exploited to steal credit cards
BleepingComputer 15 May 2026 SEV 4/10
vulnerability iot_ot_security
Bill Toulas, May 15, 2026 03:30 PM. A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. The flaw has not received an official identifier and can be leveraged without authentication. It affects all versions of the plugin before 3.15.0.3.
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own
BleepingComputer 15 May 2026 SEV 4/10
vulnerability cloud_security
Sergiu Gatlan, May 15, 2026 01:47 PM. During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. The Pwn2Own Berlin 2026 hacking competition takes place at the OffensiveCon conference from May 14 to May 16 and focuses on enterprise technologies and artificial intelligence. Security researchers can earn over $1,000,000 in cash and prizes by hacking fully patched products in the web browser, enterprise applications, cloud-native/container environments, virtualization, local privilege escalation, servers, local inference, and LLM categories.
Popular node-ipc npm package compromised to steal credentials
BleepingComputer 15 May 2026 SEV 4/10
supply_chain malware
Bill Toulas, May 15, 2026 01:10 PM. Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc package is a Node.js module that enables various processes to communicate through all forms of sockets, including Unix, Windows, UDP, TLS, and TCP. Despite the maintainer publishing in March 2022 weaponized versions that targeted Russia and Belarus-based systems with a data-overwriting module, in protest to the Russian invasion of Ukraine, the package still has more than 690,000 weekly downloads on npm.
Microsoft backpedals: Edge to stop loading passwords into memory
BleepingComputer 15 May 2026 SEV 4/10
identity_threat vulnerability
Sergiu Gatlan, May 15, 2026 10:49 AM. Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was "by design." This behavior was disclosed on May 4 by security researcher Tom Jøran Sønstebyseter Rønning, who demonstrated that all credentials stored in the Edge built-in password manager were decrypted on launch and kept in memory even when not in use. Rønning also released a proof-of-concept (PoC) tool that would allow attackers with Administrator privileges to dump passwords from other users' Edge processes (without admin privileges, the PoC only allows accessing Edge processes launched by the same user). He also said he reported the issue to Microsoft and was told the behavior was "by design" before he publicly disclosed it.
Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
BleepingComputer 15 May 2026 SEV 4/10
malware identity_threat Conti
Sponsored by Flare, May 15, 2026 10:02 AM. In recent months, a new infostealer malware known as REMUS has emerged across the cybercrime landscape, drawing attention from security researchers and malware analysts. Several technical analyses published in recent months focused on the malware’s capabilities, infrastructure, and similarities to Lumma Stealer, including browser targeting mechanisms, credential theft functionality, and more. However, far less attention has been given to the underground operation behind the malware itself.
Microsoft to automatically roll back faulty Windows drivers
BleepingComputer 15 May 2026 SEV 3/10
vulnerability cloud_security
Sergiu Gatlan, May 15, 2026 08:29 AM. Microsoft is introducing a new capability that will allow it to remotely roll back problematic Windows drivers delivered through Windows Update. Called Cloud-Initiated Driver Recovery, the new feature will remove the need for hardware partners or end users to manually fix driver issues once drivers have been distributed to devices. The recovery process is entirely managed by Microsoft, with no partner-side actions required, and will only be initiated for Windows drivers rejected due to quality issues during shiproom evaluation.
TeamPCP hackers advertise Mistral AI code repos for sale
BleepingComputer 14 May 2026 SEV 4/10
supply_chain vulnerability
Ionut Ilascu, May 14, 2026 06:50 PM. The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. In a post on a hacker forum, the threat actor is asking $25,000 for a set of nearly 450 repositories. Mistral AI is a French artificial intelligence company founded by former researchers from Google's DeepMind and Meta, which provides open-weight large language models (LLMs), both open source and proprietary.
Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
BleepingComputer 14 May 2026 SEV 5/10
vulnerability iot_ot_security
Bill Toulas, May 14, 2026 05:07 PM. Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. Burst Statistics is a privacy-focused analytics plugin active on 200,000 WordPress sites and marketed as a lightweight alternative to Google Analytics. The flaw, tracked as CVE-2026-8181, was introduced on April 23 with the release of version 3.4.0 of the plugin.
OpenAI confirms security breach in TanStack supply chain attack
BleepingComputer 14 May 2026 SEV 4/10
supply_chain identity_threat Conti
Lawrence Abrams, May 14, 2026 03:07 PM. OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution. In a security advisory published today, the company said the incident did not impact customer data, production systems, intellectual property, or deployed software. The company says the breach is linked to the recent "Mini Shai-Hulud" supply-chain campaign by the TeamPCP extortion gang, which targeted developers by slipping malicious updates into trusted and popular software packages.
Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight
BleepingComputer 14 May 2026 SEV 4/10
vulnerability iot_ot_security Play
Sponsored by NMFTA, May 14, 2026 11:21 AM. Written by Ben Wilkens, director of cybersecurity, NMFTA. Working in cybersecurity, you are well aware of the playbook that ransomware operators use. Stolen credentials, established persistence, network recon, pivoting to a high-value target cash out. These techniques are well documented; we have attack frameworks and well-documented kill chains for their techniques.