Stephen Colbert's 'Only in Monroe' souvenirs show up for auction

You could own a souvenir from Stephen Colbert’s two episodes on Monroe Community Media, Monroe's public access cable ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
Infosecurity Magazine

PureLogs Variant Steals Data via Purchase Order Lures

The PureLogs module targeted a wide range of browsers, including Google Chrome, Microsoft Edge, Brave, Opera, Yandex Browser, ...

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Researchers found a way to spy on your browsing by watching your SSD's activity

The method, known as FROST – short for "fingerprinting remotely using OPFS-based SSD timing" – focuses on how different processes compete for storage access. That competition ...

Greg Sankey didn't like my question, but Big Ten titles beat SEC metrics | Opinion

The SEC's got “metrics.” The Big Ten has trophies. If Greg Sankey can’t see why that's a problem for the SEC, then he’s ...

Stratford Festival review: A Midsummer Night’s Dream is prime Shakespeare

Graham Abbey’s production is hilarious and tight, with standout performances from Jessica B. Hill, Mike Nadajewski and ...

KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.

Tennis-Ailing Sinner falls to Cerundolo in French Open second-round shock

By Shrivathsa Sridhar PARIS, May 28 (Reuters) - Jannik Sinner's bid for a maiden French Open title and career Grand Slam went ...
The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.
SecurityWeek

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...
SecurityWeek

Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate

Novee researchers discovered an account takeover vulnerability in the open source CFP management tool Pretalx.