techtimes

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...
TechCrunch

Meta quietly launches a new Reddit-like app called Forum

Meta has quietly released a new stand-alone app for Facebook Groups called “Forum.” The company seems to be positioning Forum as a platform that functions similarly to Reddit, describing the app as a ...
Bleeping Computer

Funnel Builder WordPress plugin bug exploited to steal credit cards

A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. The flaw has not received an ...
unite

UiPath Expands Its Automation Platform to Support AI Coding Agents Across the Enterprise

UiPath has announced what it describes as the first enterprise automation platform with native support for multiple AI coding agents, including OpenAI Codex and Anthropic’s Claude Code. The new ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 packages across multiple high-profile NPM and PyPI projects were compromised in a new, coordinated Mini Shai-Hulud software supply chain attack. The campaign hit 42 TanStack packages, 65 ...
Wall Street Journal

Teen Boys and Young Men Are Injecting Peptides in Search of Perfection

For as long as he can remember, Trevor Larcom wanted to look different. He’d grown up overweight in the public eye as a child actor, appearing on the sitcoms “Fresh Off the Boat” and “Fuller House.” ...