A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

A surfing competition was thrown into chaos after a photographer was bitten in the water, triggering fears of a shark attack.

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

Sometime in late May 2026, a poisoned update slipped into the @antv family of JavaScript visualization libraries, the ...

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...

IT researchers have demonstrated a side-channel attack called "FROST" where browsers can spy on user behavior via SSD access times.

Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...

FROST exploits the Origin Private File System (OPFS), a browser API that lets websites create and store files on a user's local disk.

By discreetly measuring EM leaks and SSD operations, attackers leveraging the FROST attack can effectively spy on browser activity from a single open tab.