Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
The Hacker News

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

Drupal CVE-2026-9082 exploitation hit 15,000 attempts across 65 countries, forcing urgent patches by May 27, 2026.

Drupal: Critical SQL injection flaw now targeted in attacks

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier ...
CSO Online

New image-based prompt injection attack targets multimodal AI models

Researchers say the technique can manipulate how vision-language models interpret both images and user prompts.
TechRepublic

Indirect Prompt Injection Is Now a Real-World AI Security Threat

AI agents are now being weaponized through prompt injection, exposing why model guardrails are not enough to protect enterprise data. Last week, researchers at Google and Forcepoint reported that ...
The New York Times

Attacks on Jewish Targets in Europe Suggest Hybrid Warfare

Officials are investigating similar attacks across Europe, all claimed by a shadowy Islamist group that may be using low-cost, unsophisticated methods to sow fear in Jewish communities. By Megan ...
NPR

Mali reeling after coordinated attacks hit multiple cities

LAGOS, Nigeria—In Mali, West Africa, armed groups including Islamist militants launched one of the largest coordinated attacks seen in recent years, targeting multiple cities across the country early ...
The Washington Post

Al-Qaeda-linked militants launch coordinated attacks across Mali

Islamist militants with a powerful al-Qaeda affiliate and separatists launched attacks across the West African nation of Mali on Saturday, in what analysts say constitute the biggest strikes since ...
ZDNet

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Malicious web prompts can weaponize AI without your input. Indirect prompt injection is now a top LLM security risk. Don't treat AI chatbots as fully secure or all-knowing. Artificial intelligence (AI ...
Infosecurity-magazine.com

Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents

Security researchers have discovered 10 new indirect prompt injection (IPI) payloads targeting AI agents with malicious instructions designed to achieve financial fraud, data destruction, API key ...
VentureBeat

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...