The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
AARP

Older Adults Say AM Radio Still Matters

Americans 50 and older support requiring cars sold in the U.S. to have AM radio as a source of entertainment and emergency ...
AARP

Eat Real Food? How Adults 50-Plus View U.S. Dietary Guidelines

AARP research examines how older adults view U.S. dietary guidelines overall and their views of the new Eat Real Food ...
Microsoft

Inventive ways people are using AI

People everywhere are using AI to get creative, spend more time with loved ones and ditch mundane tasks — all things they wouldn’t have even imagined a year ago, before generative AI became widely ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...

After cyberattacks: TanStack considers restrictions for pull requests

TanStack tightens security measures after supply chain attacks. Pull requests may soon only be possible by invitation.

Microsoft Exchange 0-Day Exploit Sparks Emergency Warning — Hackers Are Attacking ...

Microsoft Exchange Servers are under threat from a zero-day vulnerability, exploited via crafted emails. With no official ...