Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
Decrypt

Hackers Insert Malware Into Mistral AI Software Download

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

Google accidentally exposed details of unfixed Chromium flaw

Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background ...

Sunport adds fast chargers at cellphone lot, more planned for next year

Funding came from a Volkswagen settlement awarded by the New Mexico Environment Department. Airport officials plan to add ...
The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.
The Hacker News

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.
CSO Online

Google leaks details for Chromium bug that can turn browsers into bots

Reported over three years ago and allegedly still not properly fixed, the vulnerability enables attacks to execute JavaScript ...
The Caledonian-Record

Daytona International Speedway to Install State-of-the-Art Musco LED Lighting System, Setting New Global Standard for Motorsports Venues

Daytona International Speedway today announced a transformative, venue-wide LED lighting project that will introduce the next ...
InfoWorld

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...

New WordPress Plugin: MUTE Spam Blocker Brings Zero-Code Contact Form Protection to Millions of WordPress Sites

The free plugin is now available on the WordPress Plugin Directory, compatible with Contact Form 7, WPForms, Ninja ...