latesthackingnews.com

CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
SecurityWeek

Joomla, LiteSpeed Vulnerabilities Exploited in Attacks

Threat actors are exploiting vulnerabilities in Joomla and the LiteSpeed cPanel plugin for code execution and privilege ...

Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.
BERNAMA

Cloudflare Acquires VoidZero To Build The Future Of The AI-Native Web

The acquisition will unify VoidZero’s high-performance tooling — including the Vite build tool, Vitest test runner, Rust-based Rolldown bundler and Oxc toolchain — natively into the Cloudflare ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...
TheServerSide

Simple Ajax file upload with pure JavaScript example

Community driven content discussing all aspects of software development from DevOps to design patterns. Note, this article deals with client-side JavaScript. For a client and server-side JavaScript ...
TechRadar

WordPress sites targeted by malicious plugin disguised as security tool

Wordfence researchers uncover a new piece of WordPress malware Threat actors used AI to create legitimate-looking tools The malware pretends to be an anti-malware product Security researchers have ...
Microsoft

Threat actors misuse Node.js to deliver malware and other malicious payloads

Since October 2024, Microsoft Defender Experts (DEX) has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to ...