Supply chain chaos, old bugs, smarter phishing, and botnets everywhere — here’s what broke the internet this week.

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Drupal warns users that it has seen attempts to exploit CVE-2026-9082 and security firms are seeing attacks against thousands ...

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier ...

In its warning, Drupal said a vulnerability in this API allows an attacker to send specially crafted requests resulting in ...

Microsoft delivered fixes for issues affecting everything from Windows to Office, .NET, and SQL Server, and several patches ...

Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new ...

Hacking is often misunderstood as simply “breaking into computers.” But at its core, hacking is something broader and more fundamental: Hacking means making a system do something it was not meant to ...

SQL Injection (SQLi) is a type of security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. SQL Injection is one of the most common and ...

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...