10+ hour, 22+ min ago  (262+ words) Attackers are hosting counterfeit installers and plugins on Git Hub and Source Forge that pose as widely used software, including Chat GPT, Claude, Auto Tune, Kontakt, Ableton Live, and ZENOLOGY. The downloads deliver a backdoor called Din Door, which then…...

1+ day, 13+ hour ago  (482+ words) The vulnerability allows attackers to extract sensitive database contents without authentication, including the Ghost Admin API Key. Unlike the read-only Content API Key, this administrative key grants full control over posts and site content. Once obtained, attackers use it to…...

1+ day, 9+ hour ago  (645+ words) A critical SQL injection flaw in Ghost CMS has been weaponized by at least two threat actor groups to silently poison over 700 websites with Click Fix malware, putting unsuspecting visitors at serious risk. The vulnerability, tracked as CVE-2026-26980, was publicly…...

1+ day, 9+ hour ago  (296+ words) A critical-level flaw in a popular CMS is being leveraged A critical-severity vulnerability that reportedly was patched three months ago is being exploited in a massive Click Fix campaign, researchers have claimed. In mid-February 2026, a critical SQL injection vulnerability was…...

1+ day, 11+ hour ago  (480+ words) Attackers are abusing a critical Ghost Content Management System (CMS) vulnerability to hijack more than 700 legitimate websites and inject a fake Cloudflare verification step that tricks visitors into running a Windows command that installs malware. These social engineering campaigns'where website…...

1+ day, 13+ hour ago  (638+ words) Rescana Active Exploitation Alert: Ghost CMS CVE-2026-26980 Mass Attack Hijacks 700+ Sites for Click Fix Malware Campaigns A critical vulnerability, CVE-2026-26980, has been actively exploited in the wild, targeting the Ghost CMS platform. This unauthenticated blind SQL injection flaw in the…...

4+ day, 17+ hour ago  (872+ words) Organizations are spending more on cybersecurity than ever. Security budgets have expanded, technology stacks have grown, and new platforms continue to enter the market promising better visibility, stronger protection, or faster detection. On paper, all of this should lead to…...

5+ day, 15+ hour ago  (315+ words) Power Shell for mac OS is finally getting Apple notarization Microsoft is preparing a major cleanup for Power Shell on mac OS by fixing several long-standing installation and security issues. The next mac OS release of Power Shell will be…...

2+ week, 1+ day ago  (244+ words) | brief | SC Media SC Media New Ghost Lock tool abuses Windows API to block file access A security researcher has developed a proof-of-concept tool called Ghost Lock that exploits a legitimate Windows file API to prevent access to local and…...

2+ week, 1+ day ago  (377+ words) A critical, unpatched vulnerability is actively threatening Open Web UI users, turning a simple profile picture upload into a gateway for complete system compromise. Security researchers have publicly disclosed a severe stored Cross-Site Scripting (XSS) flaw that enables 1-click Remote…...