Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
The Hacker News

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

Drupal CVE-2026-9082 exploitation hit 15,000 attempts across 65 countries, forcing urgent patches by May 27, 2026.
CSO Online

Drupal admins rushing to patch maximum severity SQL injection vulnerability

In its warning, Drupal said a vulnerability in this API allows an attacker to send specially crafted requests resulting in ...
CSO Online

New image-based prompt injection attack targets multimodal AI models

Researchers say the technique can manipulate how vision-language models interpret both images and user prompts.
TechRepublic

Indirect Prompt Injection Is Now a Real-World AI Security Threat

AI agents are now being weaponized through prompt injection, exposing why model guardrails are not enough to protect enterprise data. Last week, researchers at Google and Forcepoint reported that ...
CNN

A new attack on the rituals that define US democracy

The gunman who allegedly aimed to target President Donald Trump’s Cabinet at an annual dinner celebrating free speech crystallized widening political violence that imperils such fundamental rights.
SecurityWeek

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

The tech giant found that many indirect prompt injection attempts are harmless, but some malicious exploits have also been identified. Google has analyzed AI indirect prompt injection attempts ...
Yahoo

The Post-Truth Era Is Upon Us. The Correspondents’ Dinner Attack Is the Latest Example.

Here’s what we know about the attack at the White House Correspondents’ Association dinner on Saturday night: A man carrying two firearms tried to charge the event. He failed to kill anyone. Federal ...
Slate

There’s Zero Proof the Correspondents’ Dinner Attack Was Fake. But There Sure Are Plenty of People Claiming It Was.

Sign up for the Slatest to get the most insightful analysis, criticism, and advice out there, delivered to your inbox daily. Here’s what we know about the attack at ...
Reuters

Mali army bases hit in large-scale attacks claimed by al Qaeda-linked militants

Explosions, gunfire near main army base outside Bamako Attacks reported in multiple northern cities Mali's military leaders took power after coups in 2020, 2021 Army says it killed 'several hundred' ...
ZDNet

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Malicious web prompts can weaponize AI without your input. Indirect prompt injection is now a top LLM security risk. Don't treat AI chatbots as fully secure or all-knowing. Artificial intelligence (AI ...