Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...
techtimes

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

Coempt gave CBSE cyber certificates that were expired, tied to other client

The cybersecurity certificates submitted to CBSE for its OSM platform were outdated and covered a different client's deployment, raising questions on the platform's actual security.
RCR Wireless NewsOpinion

At-scale testing for LLM implementations and guardrails (Reader Forum)

As AI becomes the public face of business, organizations must validate performance, security, and cost efficiency at scale.
CSOonline

Cybersecurity trends in SEC filings

Analyzing SEC 10-K filings reveals that while CISOs handle cybersecurity under the CIO, companies rely on the NIST framework to address growing AI and supply chain risks. In 2023, the Securities and ...
Cryptopolitan on MSN

North Korea’s Lazarus turns to fileless malware in new crypto attacks

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect.
Tech Critter

What Makes a Web Application Fast, Secure, and User-Friendly

Modern users expect web applications to load quickly, protect their personal information, and work smoothly across every device. Even a short delay in loading ...