Supply chain chaos, old bugs, smarter phishing, and botnets everywhere — here’s what broke the internet this week.

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...

The FBI director's Based Apparel site has been spotted hosting a 'ClickFix' attack, which involves duping users into running a seemingly benign, but malicious command.

Security researchers say a new macOS infostealer called SHub Reaper disguises itself as Apple security software to steal passwords, cryptocurrency wallets, and sensitive files. The malware abuses ...

Learn how Fragnesia (Copy Fail 3.0) exploits a Linux kernel logic bug to achieve 100% reliable root access. Find out if your ...

Hacking is often misunderstood as simply “breaking into computers.” But at its core, hacking is something broader and more fundamental: Hacking means making a system do something it was not meant to ...

Google caught the first zero-day exploit built with AI assistance. Criminal and state backed hackers are using AI models to ...

Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated using AI. The exploit could be leveraged ...

Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of Linux is setting off alarm bells as defenders scramble to ward off severe ...

DeFi can't stop bleeding, and Wasabi Protocol is the latest to find out why. The protocol, a perpetuals trading platform built on Ethereum and Base, was drained of about $4.55 million on Thursday ...