BleepingComputer.com

"Russian hackers turn Kazuar backdoor into modular P2P botnet."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 16 May 2026, 1643 UTC.

Content and Source:  "BleepingComputer.com."

 URL--https://www.bleepingcomputer.com/

Please check URL or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Latest Articles

• 
   
  Security

  Russian hackers turn Kazuar backdoor into modular P2P botnet

  The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence, stealth, and data collection.

  • Bill Toulas
  • May 16, 2026
  • 10:15 AM
   
  •  0
• 
   
  Deals

  This premium PDF tool is built for Mac users—and is $70 off right now

  PDFs somehow manage to become everyone's problem eventually, whether you're signing contracts, editing forms, or digging through scanned paperwork. Right now, a PDF Expert Premium Plan Lifetime Subscription for Mac is available for a one-time $69.97 (MSRP: $139.99) through June 14.

  • BleepingComputer Deals
  • May 16, 2026
  • 08:11 AM
   
  •  0
• 
   

  Browser & Identity Attacks Matrix: Map your exposure to 51 identity attack techniques [Free Resource] 

  Check out the open-source matrix for browser-based attack techniques. AiTM phishing, ClickFix, device code phishing, ConsentFix, malicious browser extensions — Push Security's Browser & Identity Attacks Matrix maps every technique in one open-source framework.

  • Push Security Sponsorship
• 
   
  Security

  Funnel Builder WordPress plugin bug exploited to steal credit cards

  A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages.

  • Bill Toulas
  • May 15, 2026
  • 03:30 PM
   
  •  0
• 
   
  Security, Linux, Microsoft

  Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own

  ​During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations.

  • Sergiu Gatlan
  • May 15, 2026
  • 01:47 PM
   
  •  0
• 
   
  Security

  Popular node-ipc npm package compromised to steal credentials

  Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm.

  • Bill Toulas
  • May 15, 2026
  • 01:10 PM
   
  •  0
• 
   
  Security

  Avada Builder WordPress plugin flaws allow site credential theft

  Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database.

  • Bill Toulas
  • May 15, 2026
  • 11:56 AM
   
  •  0
• 
   
  Microsoft, Security

  Microsoft backpedals: Edge to stop loading passwords into memory

  Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was "by design."

  • Sergiu Gatlan
  • May 15, 2026
  • 10:49 AM
   
  •  3
• 
   
  Security

  Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution

  Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the REMUS infostealer evolved around session theft and operational scalability.

  • Flare
  • May 15, 2026
  • 10:02 AM
   
  •  0
• 
   
  Microsoft

  Microsoft to automatically roll back faulty Windows drivers

  Microsoft is introducing a new capability that will allow it to remotely roll back problematic Windows drivers delivered through Windows Update.

  • Sergiu Gatlan
  • May 15, 2026
  • 08:29 AM
   
  •  1
• 
   
  Deals

  For those needing fast, portable storage, this tiny 1TB Samsung SSD is $270

  The Samsung T7 1TB Portable SSD is on sale for $269.99 (MSRP: $274.99), giving users a fast, compact way to offload files without relying entirely on cloud storage or constantly deleting things to free up space.

  • BleepingComputer Deals
  • May 15, 2026
  • 07:12 AM
   
  •  1
• 
   
  Microsoft, Security

  Microsoft warns of Exchange zero-day flaw exploited in attacks

  On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users.

  • Sergiu Gatlan
  • May 15, 2026
  • 05:40 AM
   
  •  0
• 
   
  Security

  TeamPCP hackers advertise Mistral AI code repos for sale

  The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data.

  • Ionut Ilascu
  • May 14, 2026
  • 06:50 PM
   
  •  0
• 
   
  Security

  Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin

  Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites.

  • Bill Toulas
  • May 14, 2026
  • 05:07 PM
   
  •  0
• 
   
  Security

  Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks

  Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on compromised devices.

  • Lawrence Abrams
  • May 14, 2026
  • 04:09 PM
   
  •  0
• 
   
  Security, Education

  OpenAI confirms security breach in TanStack supply chain attack

  OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution.

  • Lawrence Abrams
  • May 14, 2026
  • 03:07 PM
   
  •  0
• 
   
  Security, Linux, Microsoft, Software

  Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026

  On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days.

  • Sergiu Gatlan
  • May 14, 2026
  • 02:53 PM
   
  •  0
• 
   
  Deals

  This lifetime documentary streaming deal is just $150 right now

  Right now, a MagellanTV Documentary Streaming Service lifetime subscription is available for a one-time $149.97 (MSRP: $999). It's tailor-made for people who open streaming apps hoping to learn something interesting instead of scrolling endlessly for 40 minutes first.

  • BleepingComputer Deals
  • May 14, 2026
  • 02:06 PM
   
  •  0
• 
   
  Security, Artificial Intelligence, Healthcare

  18-year-old NGINX vulnerability allows DoS, potential RCE

  An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution.

  • Bill Toulas
  • May 14, 2026
  • 11:43 AM
   
  •  0
• 
   
  Security

  Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight

  Cargo theft now starts with phishing emails and stolen credentials, not hijackings, to reroute and steal freight from supply chains. NMFTA outlines how cyber-enabled cargo crime is changing transportation security.

  • NMFTA
  • May 14, 2026
  • 11:21 AM
   
  •  0
• 
   
  Security

  KongTuke hackers now use Microsoft Teams for corporate breaches

  Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks.

  • Bill Toulas
  • May 14, 2026
  • 08:12 AM
   
  •  0

• 1
 
• 2
 
• 3
 
• 4
 
• 5
 

View More