WordPress malware uses Steam profile comments for command and control

The comments on some Steam Profiles are actually loaded with invisible malware.
The Caledonian Record

Hopstem hNPC01 Cell Injection Earns FDA RMAT Designation for Chronic Stroke Therapy

HOUSTON, June 03, 2026 (GLOBE NEWSWIRE) -- Hopstem Biotechnology, a clinical-stage biotech specializing in iPSC-derived cell therapeutics for neurological diseases, has secured the first Regenerative ...

Two KC restaurants land on FastCasual.com's 'Top 100 Movers & Shakers' ranking

These two local restaurants rank among the top nationwide for innovation and growth in the fast-casual category.

Ghost CMS flaw hijacked to target hundreds of websites with ClickFix attacks

A critical-level flaw in a popular CMS, patched months ago, is now being abused.
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Dr. Mark Lynn embraces football at namesake stadium

Dr. Mark Lynn didn’t expect his namesake soccer stadium to become a football venue. Four games into the Louisville Kings’ ...
The Caledonian-Record

Tennessee fails to execute Tony Carruthers after IV difficulties. State won't try again for ...

Tennessee officials have called off the lethal injection of Tony Carruthers, who was convicted of kidnapping and murdering three people in 1994, after his executioners tried and failed for over ...
Henry Herald

Attorneys for Tennessee inmate worry state could use expired drugs for lethal injection

Attorneys for a Tennessee death row inmate say they are concerned the state may be planning to use expired lethal injection ...
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
The Hacker News

Why React Didn't Kill XSS: The New JavaScript Injection Playbook

React conquered XSS? Think again. That's the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype ...