Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source ...

Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks

Customer data from more than 350 hotels around the world may have been accessed as part of realistic reservation-hijacking ...
Microsoft

From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities

Microsoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with ...

7-Eleven data breach exposes personal information of 185,000 people

The ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking the systems of ...