May 31 update. This post, first published on May 30, was updated with more details of the prospective release schedule for iOS 27 and details of how the new Siri will be crucial to the success of the ...

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

GCL Global Holdings Ltd (Nasdaq: GCL) (“GCL” or the “Company”), a leading provider of games and entertainment, today announced that its publishing subsidiary, ...

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and ...

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

Reported over three years ago and allegedly still not properly fixed, the vulnerability enables attacks to execute JavaScript ...

A desktop app that lets users stream any movie, TV series, or anime for free and without ads hit the top of GitHub’s global ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.