Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.

WebMCP Can Be Used To Hijack AI Agents, Chrome Warns

Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust.

WordPress malware uses Steam profile comments for command and control

The comments on some Steam Profiles are actually loaded with invisible malware.
The Caledonian Record

Hopstem hNPC01 Cell Injection Earns FDA RMAT Designation for Chronic Stroke Therapy

HOUSTON, June 03, 2026 (GLOBE NEWSWIRE) -- Hopstem Biotechnology, a clinical-stage biotech specializing in iPSC-derived cell therapeutics for neurological diseases, has secured the first Regenerative ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
techtimes

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...