Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Anthropic releases Claude Opus 4.8 with dynamic workflows, 1,000 parallel subagents, and 3x cheaper fast mode. Here's what the new model means for AI developers, enterprises, and the race against ...

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

The PureLogs module targeted a wide range of browsers, including Google Chrome, Microsoft Edge, Brave, Opera, Yandex Browser, ...

MuddyWater targeted 9 organizations in 9 countries during Q1 2026, using DLL side-loading to steal data and evade detection.

Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.

Cleveland's poor play has the Cavaliers two losses from being eliminated by the New York Knicks in the Eastern Conference ...

Preview this article 1 min Bellevue Arts Museum will continue operating as a venue-free institution under a new CEO. Business ...

After beating Catholic Memorial on April 25, Tyler Beverage started doing backflips following Wachusett wins. The new ...