Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
Dark Reading

Fake Android Apps Commit Carrier Billing Fraud for Premium Services

The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.
Hackaday

This Week In Security: AI Generated Reports, More AI Generated Reports, GitHub Chaos, And ...

Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project Zero ...

Trump and Xi conclude 'very successful' talks in Beijing, but no deals announced

Donald Trump has concluded his final round of talks with Xi Jinping and wrapped up his state visit to Beijing Trump said the ...