Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
The Hacker News

MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries

MuddyWater targeted 9 organizations in 9 countries during Q1 2026, using DLL side-loading to steal data and evade detection.