Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

AI-powered NDR improved security accuracy from 26% to 95%, reducing false positives and accelerating SOC threat response.

Lazarus deployed RemotePE against crypto firms using memory-only malware, enabling stealthy long-term financial intrusions.

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

Claude Mythos found thousands of vulnerabilities, exposing patching limits as AI-driven exploit discovery accelerates cyber risk.

Anthropic uncovered 10,000 vulnerabilities through Project Glasswing, driving urgent patching efforts and stronger cyber ...

Megalodon pushed 5,718 malicious GitHub commits in 6 hours, exposing CI secrets and cloud credentials at scale.

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly ...

Drupal CVE-2026-9082 exploitation hit 15,000 attempts across 65 countries, forcing urgent patches by May 27, 2026.

Laravel-Lang compromise tagged 700+ versions on May 22–23, 2026, triggering PHP stealers that exfiltrate credentials.

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ...