Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
Microsoft

New and improved: Computer-using agents, a new workflows experience, and real-time voice experiences

Explore what's new in Copilot Studio, May 2026: computer-using agents are now available, plus redesigned workflows and Work IQ extensibility.
The Hacker News

What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

AI-built corporate apps lacked access controls across 380,000 public assets, exposing sensitive data and increasing enterprise risk.
Microsoft

From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities

Microsoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with ...