Tag: security

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was discovered by XLab threat intelligence researchers at Chinese cybersecurity company Qianxin, who confirmed impact on more than 700 domains, including university portals, AI/SaaS companies, media outlets, fintech firms, […]

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages. Security firms StepSecurity, Aikido Security, and Socket warned about the compromise on Friday, warning that attackers had rewritten GitHub tags across four repositories […]

Two former executives of a call-tracking and analytics company pleaded guilty to concealing a years-long tech support fraud scheme that victimized individuals worldwide. Former CEO Adam Young (from Miami, Florida) and former CSO Harrison Gevirtz (from Las Vegas, Nevada) admitted to a misprision of a felony charge, which carries a maximum penalty of three years in […]

Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. Apex One is Trend Micro’s enterprise-grade endpoint security platform that protects corporate networks from a wide range of security threats, including malware, ransomware, fileless attacks, and web-based threats. Tracked as CVE-2026-34926, this directory traversal vulnerability in […]

Drupal is warning that hackers are attempting to exploit a “highly critical” SQL injection vulnerability announced earlier this week. The content management system (CMS) project published a PSA on May 18, urging administrators to reserve time for core updates that addressed an issue that threat actors might start exploiting “within hours or days.” The flaw […]

For most teams, fraud performance is still summed up in a single metric: chargeback rate. It is visible, painful, and tied directly to card network thresholds, so it naturally becomes the north star for fraud programs. The new VP of Fraud Strategy at IPQS, Alexander Hall, recently sat down with Jordan Harris of The Fraud […]

Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without privileges. UniFi OS is a unified operating system that powers UniFi Consoles and helps manage IT infrastructure, including networking, security, and other services, as well as UniFi applications such as UniFi Network, UniFi […]

U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide. 23-year-old Jacob Butler (also known online as “Dort”) was arrested by Canadian authorities in Ottawa on Wednesday pursuant to an extradition warrant. According to a criminal complaint unsealed on Thursday […]

Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background even when the browser is closed, allowing remote code execution on the device. The flaw was reported by security researcher Lyra Rebane and acknowledged as valid in December 2022, as per the thread on Chromium Issue Tracker. […]