Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

A surfing competition was thrown into chaos after a photographer was bitten in the water, triggering fears of a shark attack.

Sometime in late May 2026, a poisoned update slipped into the @antv family of JavaScript visualization libraries, the ...

Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard ...

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...

By discreetly measuring EM leaks and SSD operations, attackers leveraging the FROST attack can effectively spy on browser activity from a single open tab.

IT researchers have demonstrated a side-channel attack called "FROST" where browsers can spy on user behavior via SSD access times.

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.