The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. What makes the vulnerability severe is ...
Microsoft

How Storm-2949 turned a compromised identity into a cloud-wide breach

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...
CSO Online

Internet Explorer may be dead, but its ghost still runs malware

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...
51CTO

把 Agent 当操作系统来保护:LLM 不可信,运行时才是安全内核

这篇文章的价值,不在于又列举了几个 Agent 攻击案例,而在于给 Agent 安全提供了一个更底层的解释框架。 最近讨论 Agent 安全时,很多人还是习惯从提示注入、越狱、恶意网页、工具滥用这些具体问题切入。 这些问题当然重要,但它们只是表层现象。 真正的 ...