WordPress malware uses Steam profile comments for command and control

The comments on some Steam Profiles are actually loaded with invisible malware.
The Caledonian Record

Hopstem hNPC01 Cell Injection Earns FDA RMAT Designation for Chronic Stroke Therapy

HOUSTON, June 03, 2026 (GLOBE NEWSWIRE) -- Hopstem Biotechnology, a clinical-stage biotech specializing in iPSC-derived cell therapeutics for neurological diseases, has secured the first Regenerative ...
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
The Business Journals

TSMC to deploy $20B into Arizona subsidiary as chip giant expands Phoenix fab site

To continue reading this content, please enable JavaScript in your browser settings and refresh this page. Preview this article 1 min The latest capital injection is ...
IEEE

BridgeTaint: A Bi-Directional Dynamic Taint Tracking Method for JavaScript Bridges in Android Hybrid Applications

Abstract: Hybrid applications (apps) are becoming more and more popular due to their cross-platform capabilities and high performance. These apps use the JavaScript (JS) bridge communication scheme to ...
Dark Reading

AI Agents Undermine Progress in Browser Security

Browser security is far from perfect, but technologists and cybersecurity researchers have built a security model that, for the most part, works. However, artificial intelligence (AI) agents could be ...
The Business Journals

Enable Injections raises $30M in midst of $120M manufacturing push

To continue reading this content, please enable JavaScript in your browser settings and refresh this page. Preview this article 1 min One of Cincinnati's best-funded ...
GitHub

Security: JavaScript Injection Vulnerability in Investigation Results Chart

A potential JavaScript injection vulnerability exists in the Health Analytics tab of the OPD Visit page. Investigation names are interpolated directly into JavaScript string literals without proper ...
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
TechRadar

An incredibly popular JavaScript library might have some worrying malware issues

CVE-2025-12735 in expr-eval allows remote code execution via unsafe input evaluation Vulnerable versions ≤2.0.2; patched in 2.0.3 and forked in expr-eval-fork 3.0.0 Developers should sanitize ...