Large-scale Russian attack on Ukraine leaves four dead and dozens injured

A hypersonic missile, which reportedly travels over 10 times the speed of sound, was used, Russia has confirmed.
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
Tech Times

npm Supply Chain Attacks Hit GitHub: 2FA Approval Gate Now Blocks Stolen CI Tokens

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...
Telegraph Herald

Russia uses hypersonic Oreshnik missile in mass attack on Kyiv

Russia used the powerful hypersonic Oreshnik ballistic missile during a mass drone and missile attack on Kyiv on Sunday that killed at least two people, Ukrainian President ...
SecurityWeek

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
The Caledonian-Record

Gabby Williams' 15 points lead balanced attack by Valkyries, Golden State beats Connecticut 97-70

Gabby Williams scored 15 points, Kaila Charles added 12 points and seven rebounds, and the Golden State Valkyries ran away from the Connecticut Sun for a ...
LGBTQ Nation

Popular trans activist brutally beaten in the street: “This is what voting Republican makes happen”

A prominent trans activist and scientist was brutally attacked near their home in Chicago last month and recently shared what happened on social media. Jey McCreight, a genomics expert who goes by Dr.
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...
Crowdfund Insider

Malware : New ‘TrapDoor’ Supply Chain Attack Reportedly Targets Blockchain and Crypto Devs Across Multiple Ecosystems

The malware employs ecosystem-specific techniques for execution. On npm, many packages use post-install hooks to deploy a comprehensive JavaScript payload ...

What we know about the San Diego mosque attack suspects

Five people, including two suspects, are dead following a gun attack on a San Diego mosque.
Infosecurity Magazine

Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception

Almost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators ...