Latest stories — Page 42

Vulnerabilities

A SQL Bug in a Blogging Tool Just Became a ClickFix Delivery Truck

Attackers turned 700+ Ghost CMS sites into watering holes by exploiting CVE-2026-26980, smuggling fake CAPTCHA prompts that trick visitors into running malware on themselves.

2 min
Threat Intelligence

The Week the Backlog Came Due: Linux Holes, Defender Zero-Days, and a Poisoned Dev Tool

A messy seven days for defenders, where forgotten servers and trusted tooling did most of the damage.

3 min
Threat Intelligence

Nimbus Manticore Drops MiniFast and MiniJunk V2 in Aviation Phishing Wave

Iran-linked UNC1549 is back with refreshed loaders, SEO-poisoned lures, and aviation-themed bait aimed at U.S., European, and Gulf targets.

3 min
Policy & Regulation

Twelve Hours, or Else: India's New Patch Clock Starts Ticking

CERT-In tells operators of internet-facing systems to close critical flaws within half a day, citing AI-assisted exploit chains that compress the attacker's runway to minutes.

2 min
Identity & Access

Prompt Bombing Turned Your Second Factor Into a Doorbell Nobody Stops Ringing

Attackers stopped trying to steal push notifications. They just wait for tired users to tap 'approve' at 2 a.m.

2 min
AI Security

Anthropic's Mythos AI Found 23,000 Potential Vulnerabilities Across 1,000 Open-Source Projects — and Counting

The numbers are large. The confirmed critical findings are real. What Anthropic has not yet said publicly is whether any of them were exploited before disclosure.

2 min
Policy & Regulation

Dutch Authorities Arrest Two Bulletproof Hosting Administrators Linked to Russia-Aligned Threat Actors

The two suspects owned Dutch-registered companies that allegedly supplied infrastructure used to support Russia-aligned cybercriminal operations.

2 min
Breaches

Lithuania Probes Foreign Hand in Leak of 600,000-Plus National Register Records

Lithuanian authorities suspect state-linked actors after a data breach exposed more than 600,000 entries from government population and registration databases.

2 min
AI Security

DockSec Promises to End the Scanner Noise Problem for Docker Images

A new OWASP incubator project correlates findings from multiple container security tools and generates plain-English fixes. The question vendors aren't answering: how accurate is the AI when the scanners themselves disagree?

3 min
AI Security

Anthropic Adds 28 Enterprise Security Integrations to Claude, Including CrowdStrike and Okta

The AI company is wiring Claude into the core of enterprise security stacks, from endpoint detection to identity management.

2 min
Threat Intelligence

Threat Detection Summits Are Useful. Whether Anyone Acts on Them Is Another Matter.

A free on-demand security summit covering threat detection and incident response frameworks is now available. The sessions are solid. The gap between watching and doing remains, as ever, wide.

2 min
Threat Intelligence

Laravel Lang Composer packages backdoored via GitHub tag rewrite, dropping infostealer on developer machines

Attackers reused legitimate version tags on the laravel-lang GitHub repository to push malicious Composer payloads to downstream installs, harvesting credentials from build environments.

2 min
Identity & Access

FBI flags Kali365, the latest phishing kit pitched at draining Microsoft 365 tenants

The bureau says the subscription-priced service abuses OAuth device-code flows to lift session tokens and walk straight past MFA.

2 min
© 2026 Threat Vectr