Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
Security Boulevard

Hidden Risks Behind HTTP Request Smuggling

Web applications rely on multiple layers of infrastructure to process user requests efficiently. Load balancers, reverse proxies, caching servers, and application servers all work together to improve ...

Funnel Builder WordPress plugin exploited to steal credit card details

Funnel Builder WordPress plugin is being exploited to steal people's credit cards but the flaw has since been patched.
The Hacker News

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages ...

Official White House app contains code to bypass GDPR banners and paywalls

The app contains multiple features that have sounded alarm bells in this security researcher's analysis.
中国日报网

China to inject $43.9b into major State banks

A promotion board of Industrial and Commercial Bank of China is seen during a humanoid robot race in Beijing on April 19. CHINA DAILY China will roll out a fresh round of capital injections into its ...
Nature

Web Application Vulnerability Detection and Mitigation

Web applications underpin a vast array of services—from banking and e-commerce to social media—and their increasing complexity has amplified exposure to cyber threats. Vulnerability detection ...
decrypt

Malicious Web Pages Are Hijacking AI Agents, And Some Are Going After Your PayPal

Add Decrypt as your preferred source to see more of our stories on Google. Google documented a 32% surge in malicious indirect prompt injection attacks between November 2025 and February 2026, ...
IEEE

Boostlet.Js: Medical Image Processing Plugins for the Web via Javascript Injection

Abstract: Can web-based image processing and visualization tools easily integrate into existing websites without significant time and effort? Our Boostlet.js library addresses this challenge by ...
Infosecurity-magazine.com

Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents

Security researchers have discovered 10 new indirect prompt injection (IPI) payloads targeting AI agents with malicious instructions designed to achieve financial fraud, data destruction, API key ...
CSOonline

Prompt injection turned Google’s Antigravity file search into RCE

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing Secure Mode protections. Security researchers have revealed a prompt ...
Moneyweb

SAA: Boss of catering subsidiary set to run an airline?

But running an airline catering operation with a single main customer – its parent SAA – is rather different from running an ...