The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Ole Miss earns No. 2 seed in NCAA Tournament at Lincoln Regional

The Rebels (36-21, 15-15 SEC) earned a No. 2 seed in the 2026 NCAA Tournament and will play in the Lincoln Regional. Ole Miss ...
CSO Online

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
The Business Journals

Industry City deals include DataVerge expansion, 2 new robotics tenants

To continue reading this content, please enable JavaScript in your browser settings and refresh this page. DataVerge's expansion will grow the facility from 50,000 ...
Android

Meta opens Ray-Ban Display glasses to third-party apps

Meta is throwing open the doors to its Ray-Ban Display glasses. Starting today, developers can build third-party apps for the smart glasses using either a native mobile SDK (Swift or Kotlin) or web ...
CSO Online

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.