Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

Experts find Google API keys are still usable, even after you delete them

For more than 20 minutes after deletion, some Google API keys can still be used, apparently creating a major security gap.

Clear your calendar, Drupal user: You have a critically urgent patch to install

The Drupal Security Team’s Monday PSA announcing the imminent patch for Drupal core doesn’t include any specifics, with the ...
Memeburn

OpenAI code security issue: Hackers steal internal data in 2026

OpenAI confirms a severe 2026 supply chain attack compromised internal repositories. Discover how this TanStack security ...

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...

Anthropic Just Bought a Developer Tool Used by OpenAI, Google

Anthropic acquired SDK startup Stainless, signaling a deeper push into developer tooling as AI labs compete beyond model ...
Cosmetics Business

What are the best foundation shade matching technologies in 2026?

Finding the perfect foundation shade online has always been one of the biggest challenges in beauty e-commerce. Differences ...