CISA orders feds to patch actively exploited Drupal vulnerability

CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection ...

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

The Art of JSON Validation and Cleaning: A Comprehensive Guide

Discover the essential techniques for validating and cleaning JSON data, ensuring data integrity and proper formatting for various applications and APIs.
Decrypt

What Is an AI Prompt Injection Attack? The Hidden Threat Hijacking Your Chatbots

Hackers can hijack ChatGPT, Claude, and Gemini with nothing but a sentence. OpenAI says the problem may never be fully solved.
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
The Hacker News

Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning

Nimbus Manticore used AI-assisted MiniFast malware in 2026 campaigns, expanding espionage through SEO poisoning and phishing.
Microsoft

From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities

Microsoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with ...