Plus: Hackers use Meta’s AI bots to hack Instagram accounts, Anthropic helps NSA hackers, a decades-long GPS satellite ...

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...

An emerging wave of rather concerning online theft is leveraging one of the Fintech sector’s most widely used platforms in order to conceal and reportedly distribute malicious code designed to harvest ...

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...

Weedhack malware targets Minecraft players via YouTube and SEO poisoning since Jan 2026, enabling credential theft and remote ...

Israel's military says that the air force has carried out an airstrike on a southern suburb of Lebanon's capital. The strike on Thursday afternoon hit an apartment in Choueifat near ...

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say.

Bitdefender security researchers have discovered that attackers continue to exploit Microsoft HTML Application Host (MSHTA), a legacy utility available by default on Windows systems that can execute ...