A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
A hypersonic missile, which reportedly travels over 10 times the speed of sound, was used, Russia has confirmed.
Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.
CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...
TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...
The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...
Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...
The US president says he is holding off on an attack planned for Tuesday as "serious negotiations are now taking place".
Some results have been hidden because they may be inaccessible to you
Show inaccessible results