Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...
Bleeping Computer

Drupal: Critical SQL injection flaw now targeted in attacks

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week. The content management system (CMS) project published a PSA on May ...

Why decades-old attacks still work, and why that should worry you

AI systems inherit decades-old security flaws many organizations still fail to address consistently.
Morning Overview on MSN

Fortinet rushed an emergency fix after attackers turned its own FortiClient security ...

Fortinet’s FortiClient endpoint management software, meant to harden corporate and government machines, instead exposed them ...