Sites belonging to major universities such as Harvard and Oxford, as well as DuckDuckGo, have been compromised in the attack.

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...

GitHub says a poisoned VS Code extension exposed 3,800 internal repos as Binance founder CZ tells crypto devs to rotate keys.

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

The University of Toronto, the University of British Columbia and the University of Alberta are among the largest Canadian ...

A cyberattack shut down an education platform used by universities and K-12 schools across the US Thursday, depriving students and teachers of essential classroom materials — at a time when many are ...

Privately-held, extended detection and response firm Trellix disclosed over the weekend that hackers found their way to its source-code repository. See Also: Know Thy Enemy: Threats to Cyber ...

Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. Trellix is a global cybersecurity company formed from the October 2021 ...