The Hacker News

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

CVE-2026-5426 enabled KnowledgeDeliver LMS attacks before February 24, 2026, leading to Cobalt Strike infections.
The Caledonian-Record

VEON’s Kyivstar Expands Renewable Energy Portfolio with Acquisition of Six Solar Power Plants

VEON Ltd. (Nasdaq: VEON), a global digital operator, today announced that Kyivstar Group Ltd. (Nasdaq: KYIV, KYIVW) (“Kyivstar”) has completed the ...
The Caledonian-Record

Installation of Acrow Bridges Throughout Angola is Underway

Acrow, a leading international bridge design and engineering firm, today announced that the first of 186 bridges it is providing to the ...
SecurityWeek

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

Hardcoded machineKey values in a configuration file enabled ViewState deserialization attacks leading to remote code ...
CSO Online

TrapDoor malware campaign puts developer workstations in CISO spotlight

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.
InfoWorld

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.
Decrypt

Perplexity Built a Tool That Checks Your Computer for Infected Software—Without Setting ...

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.
The Register-Herald

Artist JR, the 'French Banksy' creates a 'cave' installation over Paris' oldest bridge

The oldest bridge in Paris has begun vanishing as JR — the artist known as the “French Banksy” — began inflating a giant ...
Tech Times

npm Supply Chain Attacks Hit GitHub: 2FA Approval Gate Now Blocks Stolen CI Tokens

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Sunport adds fast chargers at cellphone lot, more planned for next year

Funding came from a Volkswagen settlement awarded by the New Mexico Environment Department. Airport officials plan to add ...
Crowdfund Insider

Malware : New ‘TrapDoor’ Supply Chain Attack Reportedly Targets Blockchain and Crypto ...

The malware employs ecosystem-specific techniques for execution. On npm, many packages use post-install hooks to deploy a comprehensive JavaScript payload ...