Ghost CMS CVE-2026-26980: SQL Injection Hit 700+ Sites
Ghost CMS CVE-2026-26980 exploits hit 700+ sites including Harvard and Oxford. One unauthenticated request extracts admin keys. Upgrade to 6.19.1 now.
Apple M5 MIE Kernel Exploit: Update to macOS 26.5 Now
Security startup Calif, working with Claude Mythos Preview, produced the first public kernel local privilege ...
Bumblebee: Perplexity’s Open-Source Scanner for Developer Supply Chain Threats
Perplexity AI — the search company — open-sourced a developer security tool on May 22. ...
npm Staged Publishing: The 2FA Gate Against Supply Chain Attacks
npm 11.15.0 introduced staged publishing - a mandatory 2FA approval gate between your CI/CD pipeline ...
CVE-2026-26268: Cursor AI RCE via Git Hooks — Patch Now
CVE-2026-26268 lets attackers run code on your machine when Cursor's agent clones a malicious repo. ...
CVE-2026-46333: Linux Kernel Flaw Leaks SSH Keys Now
A 9-year Linux kernel race condition lets unprivileged users steal SSH keys and gain root. Patches are available. Here is what to do, ...
Secure Boot Certificates Expire June 27: Act Now
Microsoft's 2011 Secure Boot certificates expire June 24-27. Windows Server won't auto-update. Here's your 30-day ...
AI Found 271 Firefox Bugs: What Developers Must Do Now
Mozilla ran AI against Firefox 150 and found 271 bugs — more than humans found ...
Chromium’s Unfixed Service Worker Flaw Creates Browser Botnets
Google accidentally leaked PoC exploit code for a 42-month-old Chromium flaw that silently turns browsers ...
Microsoft Copilot Cowork Exfiltrates Your Files — No Approval Required
Microsoft’s enterprise AI agent can be manipulated to silently send your organization’s files to an ...