The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
The Hacker News

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

Large-scale Russian attack on Ukraine leaves four dead and dozens injured

A hypersonic missile, which reportedly travels over 10 times the speed of sound, was used, Russia has confirmed.
SecurityWeek

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...
InfoWorld

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...
The Caledonian-Record

Suspect in Taylor Swift Vienna concert attack plot convicted and sentenced to 15 years

An Austrian court has convicted a man of planning to attack a Taylor Swift concert in Vienna nearly two years ago. He was sentenced to 15 years in prison The ...

Eight students arrested in Kenya after suspected deadly school arson attack

Sixteen pupils died in the fire that ripped through a dormitory while they were asleep.
InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
The Caledonian-Record

US military accuses Iran of ceasefire violation after Kuwait comes under missile attack

The U.S. military has accused Iran of violating a fragile ceasefire after Kuwait reported coming under attack following an American strike against the Islamic Republic. It's the latest flare-up of ...

FROST Side-Channel Attack Turns SSD Activity Into A New Browser Privacy Nightmare

By discreetly measuring EM leaks and SSD operations, attackers leveraging the FROST attack can effectively spy on browser activity from a single open tab.