Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

118-Point SEO Playbook Targets Electrician Lead Broker Dependency

How a 118-Point Local SEO Playbook Helps Electricians Cut Out Lead Brokers and Own Their Market Lake Elsinore, United ...

He built Smorgasburg. Now, he's using AI to organize the construction of his 'forever house.'

Jonathan Butler cofounded Smorgasburg and Brownstoner. Now he's building a house in New York — and vibe coding a construction ...
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...
CSO Online

Google leaks details for Chromium bug that can turn browsers into bots

Reported over three years ago and allegedly still not properly fixed, the vulnerability enables attacks to execute JavaScript ...

Don't Want to Wait for iOS 27? Shortcuts Playground From MacStories Generates Shortcuts Using AI

Apple is rumored to be adding an AI feature for creating shortcuts with natural language to the Shortcuts app in iOS 27, but ...
Tech Times

Streambert Streams Free Movies Via Russia-Linked VidSrc Domains: Hollywood Coalition Already Shut Down Similar App

A desktop app that lets users stream any movie, TV series, or anime for free and without ads hit the top of GitHub’s global ...

Google accidentally exposed details of unfixed Chromium flaw

Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background ...
MacStories

Introducing Shortcuts Playground: Create Apple Shortcuts with Claude Code or Codex

Today, I’m pleased to introduce something I’ve been working on for the past six months: Shortcuts Playground, a plugin for ...
Ventureburn

Socket Raises $60M to Strengthen AI Security

Socket raises $60M to expand AI-driven software supply chain security and protect developers from cyber threats worldwide.
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.