Supply chain chaos, old bugs, smarter phishing, and botnets everywhere — here’s what broke the internet this week.

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and ...

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...

Google caught the first zero-day exploit built with AI assistance. Criminal and state backed hackers are using AI models to find vulnerabilities faster.

Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated using AI. The exploit could be leveraged ...

Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of Linux is setting off alarm bells as defenders scramble to ward off severe ...

DeFi can't stop bleeding, and Wasabi Protocol is the latest to find out why. The protocol, a perpetuals trading platform built on Ethereum and Base, was drained of about $4.55 million on Thursday ...

How did the Wasabi Protocol exploit unfold? Decentralized derivatives platform Wasabi Protocol has been exploited for more than $5 million in a coordinated attack spanning multiple blockchain networks ...

Grindr's White House Correspondents' Dinner weekend bash in Washington, D.C. is drawing interest from the top reaches of government ... including President Donald Trump's administration! Joe Hack-- ...