Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...

FBI warns of in-person data theft attacks from extortion gang

The FBI warned on Tuesday that the Silent Ransom Group (SRG) extortion gang is now targeting U.S.-based law firms in ...
SecurityWeek

FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data

The Silent Ransom Group poses as IT support in attacks against law firms, and sends an individual in person if remote access ...

Huntress report identifies new campaign abusing ScreenConnect and other tools

Hackers are abusing legitimate remote management tools to crack open businesses and steal data.
Computerworld

Windows 11

In today's 2-Minute Tech Briefing, a Windows 11 update broke localhost functionality, disrupting developer workflows just as Windows 10 support ended. Nvidia’s long-awaited DGX Spark “personal AI ...