A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect.

Chrome, Edge, Brave, Opera, and other Chromium-based browsers could reportedly be exposed to abuse after Google accidentally ...

Cybersecurity experts are warning about a rising 'ClickFix' scam that disguises itself as a routine CAPTCHA check but tricks users into executing malicious commands. The attack installs ...

Qoder officially releases version 1.0, upgrading from an AI IDE to an Autonomous Development Desktop. The new version enables autonomous execution of code ...

A fake repo impersonating the OpenAI Privacy Filter model racked up 244,000 downloads in under 18 hours before Hugging Face ...

Security experts reveal how easy it is to get fooled by this scam and what to do if you think you've been targeted.