The Hacker News

MFA Prompt Bombing: Why Your Second Factor Isn't Saving You

MFA prompt bombing enabled Cisco attackers to steal 2.8GB in 2022, exposing push MFA weaknesses and account takeover risks.

The AI Era Is Creating a Bug Hunting Arms Race

As attackers ramp up their AI exploit development, the search for software vulnerabilities is changing rapidly.

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
PCMag on MSN

Kash Patel's Apparel Site Is Trying To Trick Visitors Into Installing Malware

The FBI director's Based Apparel site has been spotted hosting a 'ClickFix' attack, which involves duping users into running a seemingly benign, but malicious command.