Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

'Leviticus': Why the Conversion Therapy Horror Movie Is a Love Story

SPOILER ALERT: This story contains spoilers for “Leviticus” and “Obsession,” both currently playing in theaters. Deep into ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...
Morning Call PA

A data center is proposed in south Allentown. Here is what we know about the plan

Few details are yet available about plans for a proposed data center in south Allentown, the first of its kind in the city, but officials already have plans in motion to address the proliferation of ...
techtimes

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...