KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
Moneylife

CBSE's Digital Exam Portal Had a Master Password That Could Unlock Any Examiner's Account — and the Board Knew for 3 Months before Going Public

A 19-year-old cybersecurity enthusiast has raised serious questions about the safety of the Central Board of Secondary ...
AlterNet on MSNOpinion

A small disclaimer exposes a secret Trump project run by Airbnb founder

A small disclaimer on a website just exposed a secret project with no reporting, oversight, transparency or accountability ...

How to turn Jellyfin on an old Mac into a private streaming service

Film fans with a massive movie collection can make their own mini Netflix by using Jellyfin and a Mac as a file server.

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...
InfoQ

NodeJS Proposes Built-In Virtual File System, Sparking Debate over AI-Generated Contributions

Matteo Collina has proposed a Virtual File System (VFS) for Node.js core through the node:vfs module. The proposal includes about 19,000 lines of code and addresses common workflow challenges. While ...