cyber·news

CRITICAL

CVE-2026-26980 (CVSS 9.4) — Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated a...

NVD CVE-2026-26980 +2 106d ago

INFO

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

BleepingComputer 12d ago

INFO

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

The Hacker News 11d ago

HIGH

Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials

The Hacker News supply-chainbreachesmalware +81 17d ago

INFO

ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax

rss:cisa-advisories 24d ago

INFO

Fuji Electric Tellus

rss:cisa-advisories 24d ago

INFO

ABB AC500 V3 Multiple Vulnerabilities

rss:cisa-advisories 24d ago

INFO

Subnet Solutions PowerSYSTEM Center

rss:cisa-advisories 24d ago

INFO

ABB Automation Builder Gateway for Windows

rss:cisa-advisories 24d ago

INFO

ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities

rss:cisa-advisories 24d ago

INFO

Siemens Siemens ROS#

rss:cisa-advisories 22d ago

INFO

Siemens gWAP

rss:cisa-advisories 22d ago

INFO

Siemens SIMATIC

rss:cisa-advisories 22d ago

INFO

Siemens Ruggedcom Rox

rss:cisa-advisories 22d ago

INFO

Siemens Ruggedcom Rox

rss:cisa-advisories 22d ago

INFO

Siemens Simcenter Femap

rss:cisa-advisories 22d ago

INFO

Universal Robots Polyscope 5

rss:cisa-advisories 22d ago

INFO

Siemens Ruggedcom Rox

rss:cisa-advisories 22d ago

INFO

Siemens Teamcenter

rss:cisa-advisories 22d ago

INFO

Siemens Solid Edge

rss:cisa-advisories 22d ago

INFO

Siemens SENTRON 7KT PAC1261 Data Manager

rss:cisa-advisories 22d ago

INFO

Siemens Opcenter RDnL

rss:cisa-advisories 22d ago

INFO

Siemens Ruggedcom Rox

rss:cisa-advisories 22d ago

INFO

Siemens Industrial Devices

rss:cisa-advisories 22d ago

INFO

Siemens SIMATIC S7 PLC Web Server

rss:cisa-advisories 22d ago

INFO

Siemens SIPROTEC 5

rss:cisa-advisories 22d ago

INFO

Siemens SIMATIC

rss:cisa-advisories 22d ago

INFO

Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

The Hacker News 19d ago

INFO

Kieback & Peter DDC Building Controllers

rss:cisa-advisories 17d ago

INFO

Siemens RUGGEDCOM APE1808 Devices

rss:cisa-advisories 17d ago

INFO

ABB CoreSense HM and CoreSense M10

rss:cisa-advisories 17d ago

INFO

ScadaBR

rss:cisa-advisories 17d ago

INFO

ZKTeco CCTV Cameras

rss:cisa-advisories 17d ago

INFO

CISA Exposes Secrets, Credentials in 'Private' Repo

rss:darkreading 17d ago

INFO

GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories

The Hacker News 17d ago

INFO

GitHub investigates internal repositories breach claimed by TeamPCP

BleepingComputer 16d ago

INFO

GitHub confirms breach of 3,800 repos via malicious VSCode extension

BleepingComputer 16d ago

INFO

Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01)

rss:cisa-advisories 16d ago

INFO

Senator presses CISA for answers about alleged GitHub repository leak

The Record 16d ago

INFO

GitHub confirms being hacked by TeamPCP, says customer data unaffected

The Record 16d ago

INFO

Grafana breach caused by missed token rotation after TanStack attack

BleepingComputer 16d ago

INFO

GitHub Confirms Breach, 4K Internal Repos Stolen

rss:darkreading 16d ago

INFO

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

The Hacker News 16d ago

INFO

GitHub links repo breach to TanStack npm supply-chain attack

BleepingComputer 15d ago

INFO

ABB Terra AC Wallbox

rss:cisa-advisories 15d ago

INFO

ABB B&R Automation Studio

rss:cisa-advisories 15d ago

INFO

ABB B&R Automation Runtime

rss:cisa-advisories 15d ago

INFO

ABB B&R PCs

rss:cisa-advisories 15d ago

INFO

Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

SecurityWeek 14d ago

INFO

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

The Hacker News 14d ago

INFO

CISA Security Leak

rss:schneier 14d ago

INFO

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Krebs 14d ago

INFO

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

The Hacker News 13d ago

INFO

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

The Hacker News 13d ago

INFO

Laravel Lang packages hijacked to deploy credential-stealing malware

BleepingComputer 13d ago

INFO

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

SecurityWeek 11d ago

INFO

ABB Terra AC

rss:cisa-advisories 10d ago

INFO

ABB LVS MConfig

rss:cisa-advisories 10d ago

INFO

ABB Ability Camera Connect

rss:cisa-advisories 10d ago

INFO

Eppendorf BioFlo 320

rss:cisa-advisories 10d ago

INFO

ABB AbilityTM Zenon Remote Transport Vulnerability

rss:cisa-advisories 10d ago

INFO

ABB AC500 V2

rss:cisa-advisories 10d ago

INFO

ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)

rss:cisa-advisories 10d ago

INFO

Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos

rss:darkreading 10d ago

INFO

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

The Hacker News 9d ago

INFO

ABB EIBPORT

rss:cisa-advisories 8d ago

INFO

Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter

rss:cisa-advisories 8d ago

INFO

ABB Busch-Welcome 2 Wire Door Opener Actuator

rss:cisa-advisories 8d ago

INFO

Fourth Frontier Frontier X Mobile Application, Frontier X2

rss:cisa-advisories 8d ago

INFO

CP Plus 8 Ch. Network Video Recorder

rss:cisa-advisories 8d ago

INFO

XCharge C6

rss:cisa-advisories 8d ago

INFO

KMW CCTV Security Cameras

rss:cisa-advisories 8d ago

INFO

MacGregor Voyage Data Recorder (VDR) G4e

rss:cisa-advisories 8d ago

INFO

Supply Chain Compromises Impact Nx Console and GitHub Repositories

rss:cisa-advisories 8d ago

INFO

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

The Hacker News 8d ago

INFO

Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more

The Record 7d ago

INFO

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

The Hacker News 4d ago

INFO

Red Hat removes tainted packages after software pipeline compromise

The Record 3d ago

INFO

VS Code zero-day lets hackers steal GitHub tokens in one click

BleepingComputer 2d ago

INFO

NAVTOR NavBox

rss:cisa-advisories 1d ago

INFO

Hitachi Energy MACH HiDraw

rss:cisa-advisories 1d ago

INFO

Hitachi Energy ITT600 Explorer

rss:cisa-advisories 1d ago

INFO

B&R PPT30 Operating System

rss:cisa-advisories 1d ago

INFO

Hitachi Energy RTU500

rss:cisa-advisories 1d ago

INFO

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

The Hacker News 1d ago

INFO

Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes

BleepingComputer breachesransomwaresupply-chain 13d ago

HIGH

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

The Hacker News supply-chainbreachesmalware +19 18d ago

INFO

'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros

rss:darkreading 25d ago

INFO

It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight

rss:darkreading 24d ago

INFO

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

The Hacker News 23d ago

INFO

[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud

The Hacker News 23d ago

INFO

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

The Hacker News 21d ago

INFO

Can Laws Stop Deepfakes? South Korea Aims to Find Out

rss:darkreading 19d ago

INFO

Processes and Culture Top Reasons Behind Data Breaches

rss:darkreading 16d ago

INFO

When Identity is the Attack Path

The Hacker News 15d ago

INFO

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The Hacker News 14d ago

INFO

Meta settles school district lawsuit claiming addictive design harmed students' mental health

The Record 14d ago

INFO

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

The Hacker News 13d ago

INFO

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

The Hacker News 11d ago

INFO

CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

The Hacker News 10d ago

INFO

RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries

SecurityWeek 9d ago

INFO

California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach

SecurityWeek 7d ago

INFO

California AG sues 23andMe over 2023 breach exposing health data

BleepingComputer 7d ago

INFO

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs

SecurityWeek 2d ago

INFO

Chrome 149 Patches 429 Vulnerabilities

SecurityWeek 17h ago

INFO

EU unveils tech sovereignty package to cut reliance on US, Chinese suppliers

The Record 15h ago

INFO

‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains

SecurityWeek breachesransomwaresupply-chain 13d ago

INFO

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

The Hacker News supply-chainbreachesmalware 13d ago

CRITICAL

CVE-2026-48172: LiteSpeed cPanel Plugin Privilege Escalation Vulnerability (LiteSpeed cPanel Plugin)

CISA KEV CVE-2026-48172actively-exploited +2 11d ago

CRITICAL

CVE-2026-48172 (CVSS 9.8) — LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp...

NVD 16d ago

INFO

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

The Hacker News 13d ago

CRITICAL

CVE-2026-9082: Drupal Core SQL Injection Vulnerability (Drupal Core)

CISA KEV CVE-2026-9082actively-exploited +4 15d ago

INFO

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

The Hacker News 16d ago

INFO

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

SecurityWeek 15d ago

INFO

Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure

SecurityWeek 14d ago

INFO

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

The Hacker News 13d ago

INFO

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

The Hacker News supply-chainbreachesmalware +2 14d ago

INFO

Europe dismantles VPN service used by cybercriminals to hide ransomware attacks

The Record 16d ago

INFO

Police seize “First VPN” service used in ransomware, data theft attacks

BleepingComputer 15d ago

INFO

Netherlands seizes 800 servers of hosting firm enabling cyberattacks

BleepingComputer breachesransomwaresupply-chain 14d ago

INFO

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

The Hacker News supply-chainbreachesmalware 14d ago

INFO

Former US execs plead guilty to aiding tech support scammers

BleepingComputer breachesransomwaresupply-chain 14d ago

INFO

In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking

SecurityWeek breachesransomwaresupply-chain 14d ago

INFO

Trend Micro warns of Apex One zero-day exploited in the wild

BleepingComputer breachesransomwaresupply-chain 14d ago

INFO

Drupal: Critical SQL injection flaw now targeted in attacks

BleepingComputer breachesransomwaresupply-chain 14d ago

INFO

Why Chargebacks are Just One Piece of the Fraud Puzzle

BleepingComputer breachesransomwaresupply-chain 14d ago

INFO

Canadian man arrested, charged for running KimWolf DDos botnet

The Record breachesransomwarenation-state +4 14d ago

INFO

Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada

Krebs 15d ago

INFO

Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

The Hacker News 14d ago

INFO

US and Canada arrest and charge suspected Kimwolf botnet admin

BleepingComputer 14d ago

INFO

Canadian Man Arrested for Operating Kimwolf Botnet

SecurityWeek 14d ago

INFO

Ubiquiti patches three max severity UniFi OS vulnerabilities

BleepingComputer breachesransomwaresupply-chain 14d ago

INFO

Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective

The Hacker News supply-chainbreachesmalware 14d ago

INFO

‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested

SecurityWeek breachesransomwaresupply-chain 14d ago

CRITICAL

CVE-2026-34926: Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability (Trend Micro Apex One)

CISA KEV CVE-2026-34926actively-exploited +1 16d ago

INFO

TrendAI Patches Apex One Zero-Day Exploited in the Wild

SecurityWeek 14d ago

CRITICAL

CVE-2026-20223 (CVSS 10) — A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could a...

NVD CVE-2026-20223 +1 16d ago

INFO

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

The Hacker News 14d ago

INFO

Gemini Voice Assistant Hijacked via Messaging Notifications

SecurityWeek breachesransomwaresupply-chain +18 1d ago

INFO

VoidStealer Malware Darts Past Google Chrome's Encryption

rss:darkreading 30d ago

INFO

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

The Hacker News 23d ago

INFO

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens

rss:googleprojectzero 23d ago

INFO

Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI

SecurityWeek 15d ago

INFO

Google accidentally exposed details of unfixed Chromium flaw

BleepingComputer 15d ago

INFO

Google API Keys Remain Active After Deletion

rss:darkreading 15d ago

INFO

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

The Hacker News 9d ago

INFO

Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks

SecurityWeek 8d ago

INFO

US charges Google security engineer with Polymarket insider trading

BleepingComputer 7d ago

INFO

Google Chrome adds session cookie theft protection for all users

BleepingComputer 7d ago

INFO

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

The Hacker News 4d ago

INFO

Google fixes one actively exploited Android zero-day, 124 flaws

BleepingComputer 3d ago

INFO

Google adds Android protection against AI deepfake scam calls

BleepingComputer 2d ago

INFO

Malicious Notifications Could Trick Google Gemini Users

rss:darkreading 2d ago

INFO

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

The Hacker News 2d ago

INFO

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

The Hacker News 2d ago

INFO

Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

The Hacker News 1d ago

INFO

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

The Hacker News 1d ago

INFO

Apple removes Russia’s state-backed messaging app Max from its store

The Record breachesransomwarenation-state +3 1d ago

INFO

Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention

SecurityWeek 15d ago

INFO

Apple blocked over $11 billion in App Store fraud in 6 years

BleepingComputer 15d ago

INFO

macOS Kernel Memory Corruption Exploit

rss:schneier 15d ago

INFO

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

The Hacker News supply-chainbreachesmalware 15d ago

INFO

Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet

BleepingComputer breachesransomwaresupply-chain 15d ago

INFO

Chinese hackers target telcos with new Linux, Windows malware

BleepingComputer breachesransomwaresupply-chain 15d ago

INFO

Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks

rss:darkreading breachesmalwarethreat-actors 15d ago

INFO

Cisco warns of critical Unified CM flaw with PoC exploit code

BleepingComputer breachesransomwaresupply-chain +4 1d ago

INFO

Maximum Severity Cisco SD-WAN Bug Exploited in the Wild

rss:darkreading 22d ago

INFO

Cisco Patches Critical Vulnerability in Secure Workload

SecurityWeek 15d ago

INFO

Max severity Cisco Secure Workload flaw gives Site Admin privileges

BleepingComputer 15d ago

INFO

Cisco Warns of Available PoC for Critical Unified CM Vulnerability

SecurityWeek 1d ago

INFO

ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

The Hacker News supply-chainbreachesmalware 15d ago

INFO

Ocean Emerges From Stealth With $28M for Agentic Email Security Platform

SecurityWeek breachesransomwaresupply-chain 15d ago

INFO

Flipper One project needs community help to build open Linux platform

BleepingComputer breachesransomwaresupply-chain 15d ago

CRITICAL

CVE-2026-41091: Microsoft Defender Link Following Vulnerability (Microsoft Defender)

CISA KEV CVE-2026-41091actively-exploited +2 17d ago

HIGH

CVE-2026-41091 (CVSS 7.8) — Improper link resolution before file access ('link following') in Microsoft Defender allows an autho...

NVD 16d ago

INFO

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

The Hacker News 15d ago

INFO

Socket Raises $60 Million at $1 Billion Valuation

SecurityWeek breachesransomwaresupply-chain 15d ago

HIGH

Microsoft shares mitigation for YellowKey Windows zero-day

BleepingComputer breachesransomwaresupply-chain +47 16d ago

INFO

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

The Hacker News 23d ago

INFO

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

The Hacker News 23d ago

HIGH

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

The Hacker News 22d ago

INFO

Zero-Day Exploit Against Windows BitLocker

rss:schneier 18d ago

INFO

Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer

The Hacker News 17d ago

INFO

The New Phishing Click: How OAuth Consent Bypasses MFA

The Hacker News 17d ago

INFO

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

SecurityWeek 17d ago

HIGH

Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’

SecurityWeek 17d ago

INFO

Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS

rss:darkreading 17d ago

HIGH

Cybercrime service disrupted for abusing Microsoft platform to sign malware

BleepingComputer 17d ago

INFO

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

The Hacker News 16d ago

INFO

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

The Hacker News 16d ago

INFO

Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass

SecurityWeek 16d ago

INFO

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

The Hacker News 16d ago

INFO

Microsoft warns of new Defender zero-days exploited in attacks

BleepingComputer 15d ago

INFO

Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days

SecurityWeek 15d ago

INFO

China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.

rss:darkreading 14d ago

INFO

FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks

The Record 14d ago

INFO

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

BleepingComputer 11d ago

INFO

Microsoft: Domain Controller lookup may fail on Windows Server 2016

BleepingComputer 10d ago

INFO

Anthropic Expands Claude’s Enterprise Security Governance With 28 New Integrations

SecurityWeek 10d ago

INFO

Microsoft Defender can now automatically isolate hacked endpoints

BleepingComputer 10d ago

INFO

Microsoft Issues Out-of-Band SharePoint Patch

rss:darkreading 10d ago

INFO

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

The Hacker News 9d ago

INFO

Windows 11 KB5089573 update released with performance improvements

BleepingComputer 9d ago

INFO

Microsoft fixes KB5089549 Windows security update install issues

BleepingComputer 4d ago

INFO

Microsoft confirms outage affecting MFA, My Sign-Ins platform

BleepingComputer 4d ago

INFO

Microsoft fixes outage affecting MFA setup, MySignIn service

BleepingComputer 4d ago

INFO

Microsoft says it will not pursue security researchers after zero-day backlash

The Record 4d ago

INFO

Microsoft investigates Office Apps, Teams file access issues

BleepingComputer 4d ago

INFO

Microsoft's Zero-Day Legal Threats Spark Backlash

rss:darkreading 4d ago

INFO

Microsoft Threatening Security Researcher

rss:schneier 3d ago

INFO

Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk

SecurityWeek 3d ago

INFO

Microsoft Exchange Online outage causes email delays, failures

BleepingComputer 3d ago

INFO

FBI-Flagged Phishing Kit Kali365 Expands Its Reach

rss:darkreading 3d ago

INFO

Microsoft's Coreutils project brings Linux commands to Windows

BleepingComputer 3d ago

INFO

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

The Hacker News 2d ago

INFO

Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash

SecurityWeek 2d ago

INFO

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

The Hacker News 2d ago

INFO

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

The Hacker News 2d ago

INFO

Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover

rss:darkreading 2d ago

INFO

VS Code Vulnerability Allows One-Click GitHub Token Theft

SecurityWeek 1d ago

INFO

Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process

The Record 1d ago

INFO

Microsoft blames unexpected Windows driver updates on caching issue

BleepingComputer 1d ago

INFO

PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network

The Hacker News 23h ago

INFO

New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework

The Hacker News 16h ago

INFO

Chinese APT deploys new malware to keep access to hacked networks

BleepingComputer 10h ago

INFO

Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility

SecurityWeek breachesransomwaresupply-chain 15d ago

Prev Page 6 / 9 Next

CRITICAL NVD Fri, 20 Feb 2026 02:16:54 UTC

CVE-2026-26980 (CVSS 9.4) — Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated a...

https://nvd.nist.gov/vuln/detail/CVE-2026-26980

TL;DR

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

CVE-2026-26980

Read full story ↗