Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Google and iVerify analysis reveals a powerful exploit kit originally used by Russian state actors that is now appearing in broader criminal campaigns. Multiple iOS exploits and five exploit chains ...

CVE-2026-48172 lets cPanel users run scripts as root, affecting LiteSpeed plugin 2.3–2.4.4 and exposing servers.

I joined Roblox games with full admin powers… and immediately started causing chaos. From trolling random players and ...

Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. Burst Statistics is a privacy-focused analytics ...

A zero-day exploit circulating online allows people with physical access to a Windows 11 system to bypass default BitLocker protections and gain complete access to an encrypted drive within seconds.

A group of teenagers seem to be targeting a cryptocurrency billionaire out of boredom, but they have a more sympathetic motive in this hacker film. By Chris Azzopardi When you purchase a ticket for an ...

A researcher has released proof-of-concept (PoC) exploit code for two unpatched Windows flaws, including a BitLocker bypass that can expose encrypted drives on affected systems. The BitLocker issue, ...

The anonymous security researcher who has already maliciously exposed three Windows zero-days this year has revealed two more, dropping them just after Microsoft's monthly Patch Tuesday update.

A skilled security researcher who went rogue after claiming Microsoft left him “homeless with nothing” has released a third wave of Windows zero-day vulnerabilities, timing the drop just after Patch ...

The company behind the popular Canvas software, which was hacked last week causing major disruption at thousands of universities and colleges, has paid the hackers not to publish stolen data online.

Data stolen in a cyberattack that shut down an education platform used by universities and K-12 schools across the US last week has been returned to the platform’s parent company, Instructure, ...