Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...
The Caledonian-Record

Ascensia Diabetes Care Expands CONTOUR® Portfolio with CONTOUR®COMFORT Pen Needles to Bring Greater Stability and Control to the Everyday Injection Experie…

Ascensia Diabetes Care, a global diabetes care company and subsidiary of PHC Holdings Corporation (TSE 6523), today announced ...

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and ...

Zverev beats Cobolli in tense Paris final for first Grand Slam

Alexander Zverev finally lands the Grand Slam title that threatened to elude him after overcoming Flavio Cobolli and his own ...
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Receiver appointed to oversee sale of Germantown manufacturer

Preview this article 1 min A court-appointed receiver is pursuing a sale of the Germantown manufacturing business as a going ...

Ottawa to direct CRTC to scrap demands for streamers to fund local news, niche broadcasters

Online Streaming Act has become trade irritant with Trump administration due to costs it imposes on American companies ...
The Hacker News

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Weedhack malware targets Minecraft players via YouTube and SEO poisoning since Jan 2026, enabling credential theft and remote ...
Dark Reading

DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

A sneaky IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones ...

WordPress malware uses Steam profile comments for command and control

The comments on some Steam Profiles are actually loaded with invisible malware.