Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.

Hackers can hijack ChatGPT, Claude, and Gemini with nothing but a sentence. OpenAI says the problem may never be fully solved.

CVE-2026-5426 enabled KnowledgeDeliver LMS attacks before February 24, 2026, leading to Cobalt Strike infections.

A security researcher found a foolproof way to guarantee tech conferences accept his speaker submissions: hack their systems.

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect.

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...

CBSE says that a URL mentioned in social media posts on the 'hacking' incident was only a testing platform containing sample ...

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Lauren (Hansen) Holznienkemper is a lead editor for the small business vertical at Forbes Advisor, specializing in HR, payroll and recruiting solutions for small businesses. Using research and writing ...

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...