Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
The Caledonian-Record

Installation of Acrow Bridges Throughout Angola is Underway

Acrow, a leading international bridge design and engineering firm, today announced that the first of 186 bridges it is providing to the ...

Houston data center to add what it claims is area's largest rooftop solar installation

The solar array is expected to generate about 4.5 million kilowatt hours annually over an expected 25-year operational life.
The Caledonian-Record

Daytona International Speedway to Install State-of-the-Art Musco LED Lighting System, Setting New Global Standard for Motorsports Venues

Daytona International Speedway today announced a transformative, venue-wide LED lighting project that will introduce the next ...

Sunport adds fast chargers at cellphone lot, more planned for next year

Funding came from a Volkswagen settlement awarded by the New Mexico Environment Department. Airport officials plan to add ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
The Hacker News

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.
The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.
InfoWorld

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

New WordPress Plugin: MUTE Spam Blocker Brings Zero-Code Contact Form Protection to Millions of WordPress Sites

The free plugin is now available on the WordPress Plugin Directory, compatible with Contact Form 7, WPForms, Ninja ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
Dark Reading

Fake Android Apps Commit Carrier Billing Fraud for Premium Services

The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.