Ghost CMS Exploit Poisons 700 Sites for ClickFix Malware
Attackers are exploiting Ghost CMS CVE-2026-26980 to inject ClickFix loaders into trusted…
Laravel-Lang Composer Packages Rewritten to Steal CI Secrets
Laravel-Lang Composer packages were compromised through rewritten tags that run a PHP…
Grafana Says Missed Token Let Attackers Copy Private Repos
Grafana says attackers copied two private GitHub repositories after one workflow token…
Ghostwriter Uses Prometheus Lures to Drop OYSTERFRESH Malware
CERT-UA says Ghostwriter used compromised accounts and fake Prometheus certificate lures to…
Nimbus Manticore Uses Fake Installers to Drop MiniFast Backdoor
Check Point says Nimbus Manticore used SEO poisoning, fake software lures, and…
First VPN Takedown Hits Ransomware Anonymization Service
Europol says First VPN, a Russian-speaking cybercrime VPN, was dismantled in Operation…
Langflow CVE-2025-34291: Token Hijack and RCE Added to CISA KEV
Langflow CVE-2025-34291 can turn a malicious webpage into account takeover and RCE…
Trend Micro Apex One CVE-2026-34926 Exploited in the Wild
Trend Micro patched an Apex One on-prem directory traversal flaw after observing…
Microsoft Defender CVE-2026-41091 and CVE-2026-45498 Exploited
Microsoft says two Defender flaws have been exploited. CISA added both to…
Drupal Core CVE-2026-9082: PostgreSQL SQL Injection Patch
Drupal core CVE-2026-9082 is a highly critical PostgreSQL SQL injection flaw. Check…