VulnHub

FBI Chief Kash Patel's clothing store fell victim to a ClickFix infostealer attack, which specifically targeted macOS users. The hackers tricked these users into downloading malware that steals sensitive information. This incident raises concerns not only for Patel as a public figure but also for the broader implications of malware targeting retail platforms. Such attacks can lead to significant data breaches, impacting customer trust and potentially leading to financial losses. Users of the compromised store should be vigilant about their personal data and consider reviewing their security measures to prevent similar threats in the future.

A vulnerability in the Ghost Content Management System (CMS) has been exploited, leading to the hacking of over 700 websites, including those of prestigious institutions like Harvard and Oxford, as well as the search engine DuckDuckGo. This breach highlights the risks associated with using outdated or unpatched software, as attackers were able to take advantage of security flaws to gain unauthorized access. The incident raises concerns about the personal data and sensitive information that could be exposed on these compromised sites. Organizations using Ghost CMS need to ensure they are running the latest version and apply any available patches to protect their websites from similar attacks in the future.

Recently, researchers discovered that malicious tags were injected into Laravel-Lang packages, a popular library used in web development. Within a 15-minute window, these tags created backdoors that could exfiltrate continuous integration (CI) secrets, potentially putting many developers and projects at risk. This incident is particularly concerning because it affects a widely used package, meaning that numerous applications relying on Laravel-Lang could be compromised. Developers using these packages need to be vigilant and review their code for any unauthorized changes. The incident serves as a reminder of the importance of securing third-party libraries and regularly monitoring for vulnerabilities.

A newly discovered zero-click attack is targeting WhatsApp accounts on iPhones running iOS 16, allowing attackers to take control of accounts without any user interaction or warning. This means that users can find their accounts sending unauthorized messages, often asking contacts for money transfers, without realizing they’ve been compromised. The attack is particularly concerning because it does not require any linked devices, making it harder for users to identify or prevent the intrusion. As this vulnerability is actively exploited, users of WhatsApp on iOS 16 need to be vigilant and take precautions to protect their accounts. This incident highlights the ongoing challenges of mobile security and the importance of being cautious about unsolicited messages and requests.

Fraudsters are targeting Formula 1 fans with various scams, including fake streaming services and counterfeit merchandise. The Bitdefender Cybersecurity Grand Prix Fan Threat Index reveals that these scams are increasingly common, especially during major racing events where fan interest peaks. Unsuspecting fans may fall victim to these schemes, losing money and personal information. The article emphasizes the importance of awareness and vigilance among fans, encouraging them to verify the legitimacy of online services and products before making purchases. With the growing popularity of F1, these scams pose a significant risk to the fan community, making cybersecurity education essential.

A hacker is reportedly selling a massive database containing the personal information of 340 million OnlyFans users. This database appears to have been created by combining data from previous breaches and matching it with public profiles to identify real OnlyFans accounts. The implications are serious, as this kind of data leak can lead to identity theft, harassment, or other malicious activities targeting the users involved. OnlyFans users should be particularly cautious about their online security and consider changing their passwords and enabling two-factor authentication. This incident raises broader concerns about the security of online platforms and the risks associated with sharing personal information.

A significant security vulnerability has been identified in Ghost CMS, specifically a SQL injection flaw labeled CVE-2026-26980. Attackers are exploiting this weakness to inject harmful JavaScript code, which activates ClickFix attack flows across numerous websites utilizing this content management system. This exploitation poses a serious risk to users by potentially compromising their data and functionality of affected sites. Ghost CMS users, particularly those running outdated versions, should take immediate action to secure their systems. This incident highlights the ongoing need for vigilance in web security and the importance of keeping software up to date.

Recent reports indicate that the popular npm package 'node-ipc' has been compromised with a credential-stealing malware. This incident affects developers who rely on this package for their applications, potentially exposing sensitive user information. Additionally, a new group called TeamPCP has emerged, deploying clones of the Shai-Hulud malware, which may pose further risks to various systems. Moreover, active supply chain attacks have targeted '@antv' packages on npm, putting more developers at risk. The compromised GitHub Action 'actions-cool/issues-helper' has also been found to redirect all tags to malicious endpoints, heightening concerns over the security of widely-used development tools. Developers and organizations should take immediate precautions to secure their environments and monitor for any unusual activity.