Stephen Colbert's 'Only in Monroe' souvenirs show up for auction

You could own a souvenir from Stephen Colbert’s two episodes on Monroe Community Media, Monroe's public access cable ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Greg Sankey didn't like my question, but Big Ten titles beat SEC metrics | Opinion

The SEC's got “metrics.” The Big Ten has trophies. If Greg Sankey can’t see why that's a problem for the SEC, then he’s ...

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
Infosecurity Magazine

PureLogs Variant Steals Data via Purchase Order Lures

The PureLogs module targeted a wide range of browsers, including Google Chrome, Microsoft Edge, Brave, Opera, Yandex Browser, ...

Funnel Builder WordPress plugin bug exploited to steal credit cards

A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages.

Researchers found a way to spy on your browsing by watching your SSD's activity

The method, known as FROST – short for "fingerprinting remotely using OPFS-based SSD timing" – focuses on how different processes compete for storage access. That competition ...

Stratford Festival review: A Midsummer Night’s Dream is prime Shakespeare

Graham Abbey’s production is hilarious and tight, with standout performances from Jessica B. Hill, Mike Nadajewski and ...
The Hacker News

MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries

MuddyWater targeted 9 organizations in 9 countries during Q1 2026, using DLL side-loading to steal data and evade detection.
SecurityWeek

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...

Hearts ready to 'rip up script' in 'perfect ending'

Hearts intend to "rip up the script" one more time this season by winning the title at Celtic Park on Saturday, says head ...
SecurityWeek

Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate

Novee researchers discovered an account takeover vulnerability in the open source CFP management tool Pretalx.