Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and ...
The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.
The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

Hackers duped Meta AI support chatbot to steal celebrity Instagram accounts

Meta’s AI support chatbot proved unusually helpful to hackers looking to steal and resell notable Instagram accounts—the ...
Opinion
HackadayOpinion

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...
Hosted on MSN

Deal reached to delete data stolen from Canvas hackers

Deal reached to delete data stolen from Canvas hackers Posted: May 13, 2026 | Last updated: May 13, 2026 The company that operates the online learning system Canvas said it struck a deal with hackers ...
PCMag on MSN

Can a VPN Actually Protect You From Hackers? The Answer Is Complicated

From DDoS attacks to public Wi-Fi risks, here's what a VPN is effective against—and the threats that require other tools and ...
Boston Herald

Deal reached with hackers to delete data stolen from the Canvas educational platform

The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many of them in the middle ...