Latest stories — Page 42

A SQL Bug in a Blogging Tool Just Became a ClickFix Delivery Truck
Attackers turned 700+ Ghost CMS sites into watering holes by exploiting CVE-2026-26980, smuggling fake CAPTCHA prompts that trick visitors into running malware on themselves.

The Week the Backlog Came Due: Linux Holes, Defender Zero-Days, and a Poisoned Dev Tool
A messy seven days for defenders, where forgotten servers and trusted tooling did most of the damage.

Nimbus Manticore Drops MiniFast and MiniJunk V2 in Aviation Phishing Wave
Iran-linked UNC1549 is back with refreshed loaders, SEO-poisoned lures, and aviation-themed bait aimed at U.S., European, and Gulf targets.

Twelve Hours, or Else: India's New Patch Clock Starts Ticking
CERT-In tells operators of internet-facing systems to close critical flaws within half a day, citing AI-assisted exploit chains that compress the attacker's runway to minutes.

Prompt Bombing Turned Your Second Factor Into a Doorbell Nobody Stops Ringing
Attackers stopped trying to steal push notifications. They just wait for tired users to tap 'approve' at 2 a.m.

Anthropic's Mythos AI Found 23,000 Potential Vulnerabilities Across 1,000 Open-Source Projects — and Counting
The numbers are large. The confirmed critical findings are real. What Anthropic has not yet said publicly is whether any of them were exploited before disclosure.

Dutch Authorities Arrest Two Bulletproof Hosting Administrators Linked to Russia-Aligned Threat Actors
The two suspects owned Dutch-registered companies that allegedly supplied infrastructure used to support Russia-aligned cybercriminal operations.

Lithuania Probes Foreign Hand in Leak of 600,000-Plus National Register Records
Lithuanian authorities suspect state-linked actors after a data breach exposed more than 600,000 entries from government population and registration databases.

DockSec Promises to End the Scanner Noise Problem for Docker Images
A new OWASP incubator project correlates findings from multiple container security tools and generates plain-English fixes. The question vendors aren't answering: how accurate is the AI when the scanners themselves disagree?

Anthropic Adds 28 Enterprise Security Integrations to Claude, Including CrowdStrike and Okta
The AI company is wiring Claude into the core of enterprise security stacks, from endpoint detection to identity management.

Threat Detection Summits Are Useful. Whether Anyone Acts on Them Is Another Matter.
A free on-demand security summit covering threat detection and incident response frameworks is now available. The sessions are solid. The gap between watching and doing remains, as ever, wide.

Laravel Lang Composer packages backdoored via GitHub tag rewrite, dropping infostealer on developer machines
Attackers reused legitimate version tags on the laravel-lang GitHub repository to push malicious Composer payloads to downstream installs, harvesting credentials from build environments.

FBI flags Kali365, the latest phishing kit pitched at draining Microsoft 365 tenants
The bureau says the subscription-priced service abuses OAuth device-code flows to lift session tokens and walk straight past MFA.