Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign By Bill Toulas May 24, 2026 10:12 AM A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE…
New Shai-Hulud attack trojanizes 19 science-focused PyPI packages By Bill Toulas June 8, 2026 04:41 PM Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of…
Chinese hackers breach REDCap servers, steal medical research By Bill Toulas June 15, 2026 10:00 AM A China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and…
NFCShare Android malware spreads via fake banking app updates on GitHub By Bill Toulas June 8, 2026 06:11 PM New variants of the NFCShare Android malware are being distributed as fake…
…Most Organizations Don't Treat Them That Way Sponsored by Token Security June 19, 2026 09:10 AM For years, security teams built their programs around a simple premise of if you…
Hackers exploit FortiClient EMS flaw to push infostealer malware By Bill Toulas May 28, 2026 01:25 PM Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management…
Leaked Shai-Hulud malware fuels new npm infostealer campaign By Bill Toulas May 18, 2026 01:28 PM The Shai-Hulud malware leaked last week is now used in new attacks on…
…Hackers used AI to develop zero-day exploit for web admin tool By Bill Toulas May 11, 2026 09:02 AM Researchers at Google Threat Intelligence Group (GTIG) say that a zero…
C0XMO botnet spreads via DD-WRT router flaw, kills rival malware By Bill Toulas June 7, 2026 10:17 AM A new variant of the Gafgyt botnet called C0XMO is targeting DD…
Nintendo confirms data stolen in WebMD subsidiary cyberattack By Bill Toulas June 18, 2026 02:31 PM Nintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the…