Latest news as of 5/21/2026, 9:56:55 AM
Bleeping Computer
Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year. [...]
The Hacker News
Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on February 11, 2026. "Use after
Bleeping Computer
ShinyHunters, a well-known data extortion group, claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related data. Canada Goose told BleepingComputer the dataset appears to relate to past customer transactions and that it has not found evidence of a breach of its own systems. [...]
The Register
PLUS: India demands two-hour deepfake takedowns; Singapore embraces AI; Japanese robot wolf gets cuddly; And more The United States may be about to change its policies regarding Chinese technology companies.… Asia In Brief
Bleeping Computer
Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. [...]
The Register
PLUS: Fake ransomware group exposed; EC blesses Google's big Wiz deal; Alleged sewage hacker cuffed; And more The former General Manager of defense contractor L3Harris’s cyber subsidiary Trenchant sold eight zero-day exploit kits to Russia, according to a court filing last week.… Infosec in Brief
Bleeping Computer
Microsoft says it has resolved a Windows 11 bug that caused some commercial systems to fail to boot with an "UNMOUNTABLE_BOOT_VOLUME" error after installing recent security updates, with the fix delivered in the February 2026 Patch Tuesday update. [...]
Bleeping Computer
CTM360 reports 4,000+ malicious Google Groups and 3,500+ Google-hosted URLs used to spread the Lumma Stealer infostealing malware and a trojanized "Ninja Browser." The report details how attackers abuse trusted Google services to steal credentials and maintain persistence across Windows and Linux systems. [...]
Bleeping Computer
Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to hijack Bitcoin swap transactions and redirect funds to attacker-controlled wallets. [...]
The Hacker News
Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System (DNS) lookup to retrieve the next-stage payload. Specifically, the attack relies on using the "nslookup" (short for nameserver lookup) command to execute a custom DNS lookup triggered via the Windows