Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

CISA orders feds to patch actively exploited Drupal vulnerability

CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection ...
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Most ransomware attacks are opportunistic. Here’s how you can stop attackers

Ransomware isn’t targeted - it exploits predictable gaps like poor hygiene and missing basics.
GovInfoSecurity

AI Agents Are the New Insiders

AI systems are no longer passive tools. They make decisions, execute multi-step workflows and access sensitive data ...
Microsoft

From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities

Microsoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with ...
CSO Online

Microsoft previews automatic device isolation in Defender for Endpoint

The new capability will be added to the automatic attack disruption tool, however, new research warns that the tool has to be ...
CSO Online

Security experts caution MFA alone can no longer stop threat actors

Current campaigns are allowing even novice attackers to scoop up authentication tokens with increasing frequency, bypassing ...