Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
Bleeping Computer

Microsoft Self-Service Password Reset abused in Azure data theft attacks

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate applications and administration features. Microsoft tracks the actor as Storm ...
9to5Mac

How to remove your personal data from the internet (and why you can’t afford to wait)

Data brokers make a living by selling your personal information for profit. Your phone number, email, home address, and Social Security number could be packaged and sold to spammers, scammers, and ...
CBS News

Canvas' parent company strikes deal with hackers to delete data stolen from educational platform

The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many of them in the middle ...