The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
InfoWorld

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

Google posts Chromium browsers' proof-of-concept exploit code without a fix

Chrome, Edge, Brave, Opera, and other Chromium-based browsers could reportedly be exposed to abuse after Google accidentally ...
The Caledonian-Record

US military says it carried out 'self-defense' strikes in Iran, including on missile launch ...

The U.S. military said Monday that it carried out “self-defense” strikes in southern Iran, including on missile launch sites and boats placing mines, even as President Donald Trump said on ...
couriernews.com

Predators 1st-rounder Cameron Reid helps Kitchener beat Everett 6-2 in Memorial Cup

Kitchener captain Cameron Reid opened the scoring and assisted on all three goals in a deciding surge, helping the Rangers ...
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...
The Caledonian-Record

Pope Leo XIV makes historic apology for Vatican's role in legitimizing slavery

Pope Leo XIV has made a historic apology for the role the Holy See played in legitimizing slavery. Leo’s own family history includes both enslaved people and slave owners. He ...