The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Eight students arrested in Kenya after suspected deadly school arson attack

Eight students alleged to have been involved in a suspected arson attack at a Kenyan girls' school that killed 16 pupils have ...

Large-scale Russian attack on Ukraine leaves four dead and dozens injured

A hypersonic missile, which reportedly travels over 10 times the speed of sound, was used, Russia has confirmed.
The Hacker News

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.
The Register-Herald

Taylor Swift concert attack plot suspect found guilty by Austrian court

An Austrian court has convicted a man of planning to attack a Taylor Swift concert in Vienna nearly two years ago. The Austria Press Agency reports that the state court ...
SecurityWeek

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...
The Caledonian-Record

US military accuses Iran of ceasefire violation after Kuwait comes under missile attack

The U.S. military has accused Iran of violating a fragile ceasefire after Kuwait reported coming under attack following an American strike against the Islamic Republic. It's the latest flare-up of ...
InfoWorld

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...