Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Why decades-old attacks still work, and why that should worry you

AI systems inherit decades-old security flaws many organizations still fail to address consistently.

Rapid7 Q1 2026 Threat Landscape Report Finds Vulnerability Exploitation Overtakes Social Engineering as the Top Initial Access Vector

New research highlights how AI-driven exploitation, zero-click vulnerabilities, and fragmented ransomware operations are reshaping cyber riskBOSTON, May 21, 2026 (GLOBE NEWSWIRE) -- Rapid7, Inc.

Internal Red Flags, CERT-In Warnings, Firm Track Record: What CBSE Ignored For OSM Tender

CBSE OSM: What was projected as a major digital transformation in India’s school examination system is now facing intense ...
Cryptopolitan on MSN

North Korea’s Lazarus turns to fileless malware in new crypto attacks

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect.
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

AI agents have fundamentally changed the threat model of AI model-based applications. By equipping these models with plugins (also called tools), your agents no longer just generate text; they now ...
cyberdaily

Report: Rapid7 warns AI-driven attacks are accelerating vulnerability exploitation

Rapid7 has released its Q1 2026 Threat Landscape Report, warning that AI-driven cyber-attacks are dramatically accelerating vulnerability exploitation and shrinking the window organisations have to ...