A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Python stays far ahead after another dip; C holds second, Java retakes third from C++, and R rises to eighth as SQL slips, ...

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect.

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

The security platform Socket has recently discovered an enormous worldwide malware operation that has been dubbed "TrapDoor".

A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages.

Microsoft confirmed on May 14 that CVE-2026-42897 — a cross-site scripting flaw in the Outlook Web Access component of Exchange Server 2016, 2019, and Subscription Edition — is under active ...

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...