Security news.
Today's security brief highlights a surge in supply chain attacks and active exploitation of critical vulnerabilities. Multiple data breaches affecting healthcare and legal sectors have also been disclosed, alongside warnings about new phishing-as-a-service platforms.
Ghost CMS SQL Injection Flaw Exploited in ClickFix Attacks
Threat actors are actively exploiting CVE-2026-26980, a critical SQL injection vulnerability in Ghost CMS, to hijack over 700 sites and inject malicious JavaScript for ClickFix attacks.
FBI Warns of Kali365 Phishing Service Targeting Microsoft 365 Accounts
The FBI has issued a warning about the Kali365 phishing-as-a-service platform, which abuses OAuth device code authentication to steal session tokens and bypass MFA for Microsoft 365 account compromise.
Laravel-Lang Packages Poisoned for Malware Delivery
A supply chain attack has compromised Laravel-Lang packages, injecting backdoors to exfiltrate CI secrets and deliver credential-stealing malware to developers.
Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
The 'Megalodon' supply chain attack has infected over 5,500 GitHub repositories by injecting fake automated commits with GitHub Actions workflows designed to steal credentials and secrets.
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
A new coordinated "TrapDoor" supply chain attack campaign is distributing credential-stealing malware through over 34 malicious packages across npm, PyPI, and Crates.io.
Lazarus Group Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
The North Korea-linked Lazarus Group is using a new cross-platform, memory-only RAT called RemotePE in multi-stage attacks targeting financial and cryptocurrency organizations.
266,000 Affected by Data Breach at Radiology Associates of Richmond
Threat actors stole files containing names and protected health information from the healthcare organization’s systems, impacting 266,000 individuals.
DocketWise Data Breach Impacts 143,000
Hackers accessed names, addresses, Social Security numbers, financial information, and medical data from third-party partner repositories, affecting 143,000 individuals.