KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Ottawa must move urgently to ban nude deepfakes

The Liberals should propose separate legislation to criminalize the distribution of AI-generated naked images of real people ...
Tech Times

npm Supply Chain Attacks Hit GitHub: 2FA Approval Gate Now Blocks Stolen CI Tokens

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...

Socket Raises $60M Series C at a $1B Valuation to Help Enterprises Build Securely With AI

Socket is scaling to defend open source against supply chain attacks as AI accelerates software development. SAN ...
Crowdfund Insider

Malware : New ‘TrapDoor’ Supply Chain Attack Reportedly Targets Blockchain and Crypto Devs Across Multiple Ecosystems

The malware employs ecosystem-specific techniques for execution. On npm, many packages use post-install hooks to deploy a comprehensive JavaScript payload ...
Ventureburn

Socket Raises $60M to Strengthen AI Security

Socket raises $60M to expand AI-driven software supply chain security and protect developers from cyber threats worldwide.
How-To Geek on MSN

I stopped using the LET function—and my Excel sheets are better for it

Replacing LET formulas with helper columns made my Excel workbooks easier to audit, adapt, and troubleshoot.
Arabian Post

InvisibleFerret shift raises developer risks

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...
The Caledonian-Record

Sonatype Firewall Extends Malicious Package Protection to Any Repository

Sonatype ®, the control plane for agentic software development, today expanded Sonatype Firewall protections to help organizations block malicious open source packages ...

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...