Cybersecurity

A critical SQL injection flaw (CVE-2026-26980) in Ghost CMS is being actively exploited to hijack website articles.Attackers have compromised over 700 legitimate websites across...

A coordinated supply chain attack, codenamed TrapDoor, has deployed malware across three major developer platforms: npm, PyPI, and Crates.io.The campaign targets crypto, DeFi, Solana,...

GitHub has introduced mandatory two-factor approval for npm package releases to combat software supply chain attacks.A new "staged publishing" feature requires human maintainers to...

A criminal VPN service used by at least 25 ransomware groups was dismantled in a May 2026 global operation.The service, First VPN, advertised anonymity...

A Canadian man was arrested for allegedly operating the Kimwolf DDoS botnet, a service sold to other cybercriminals.The botnet targeted firewalled internet-of-things devices and...

Two actively exploited vulnerabilities in Microsoft Defender, CVE-2026-41091 and CVE-2026-45498, have been patched according to an advisory dated May 21, 2026.The flaws, a privilege...

GitHub confirms a breach of its internal repositories via a poisoned Visual Studio Code extension.The attack was part of the larger TanStack supply chain...

Microsoft has launched two new open-source security tools, RAMPART and Clarity, designed for AI agent development.RAMPART is a testing framework for running safety and...