Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
Decrypt

What Is an AI Prompt Injection Attack? The Hidden Threat Hijacking Your Chatbots

Hackers can hijack ChatGPT, Claude, and Gemini with nothing but a sentence. OpenAI says the problem may never be fully solved.

Why decades-old attacks still work, and why that should worry you

AI systems inherit decades-old security flaws many organizations still fail to address consistently.

CISA orders feds to patch actively exploited Drupal vulnerability

CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection ...

NSA warns that cybercriminals are targeting this one critical component that the energy, chemical, food, agriculture, and transportation sectors rely on - here's what …

Critical infrastructure organizations should move to harden their Automatic Tank Gauge (ATG) systems to defend against ...

Federal agencies warn energy and food sectors of vulnerabilities in tank gauge systems

ATGs are used in multiple critical sectors of industry, and many are still unsecured.
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Coempt gave CBSE cyber certificates that were expired, tied to other client

The cybersecurity certificates submitted to CBSE for its OSM platform were outdated and covered a different client's deployment, raising questions on the platform's actual security.

Patch now! Attackers exploiting critical malicious code vulnerability in Drupal

Attackers are currently targeting websites created with the CMS Drupal. However, pages are only vulnerable if they use ...

AI agents can now manipulate your organization. Are you ready?

Agentic AI is moving quickly while the threat models that should constrain it are still being written. The sensible response ...
Security Boulevard

Hidden Risks Behind HTTP Request Smuggling

Web applications rely on multiple layers of infrastructure to process user requests efficiently. Load balancers, reverse proxies, caching servers, and application servers all work together to improve ...

New CISA Warning: Hackers Are Targeting Fuel Tank Monitoring Systems

CISA warns attackers are targeting internet-exposed Automatic Tank Gauge systems used in fuel storage. Here’s what operators ...