The Caledonian Record

Hopstem hNPC01 Cell Injection Earns FDA RMAT Designation for Chronic Stroke Therapy

HOUSTON, June 03, 2026 (GLOBE NEWSWIRE) -- Hopstem Biotechnology, a clinical-stage biotech specializing in iPSC-derived cell therapeutics for neurological diseases, has secured the first Regenerative ...

Two KC restaurants land on FastCasual.com's 'Top 100 Movers & Shakers' ranking

These two local restaurants rank among the top nationwide for innovation and growth in the fast-casual category.
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
GitHub

Jellyfin Plugin - JavaScript Injector

Multiple Scripts: Add as many custom JavaScript snippets as you want. Organized UI: Each script is managed in its own collapsible section, keeping your configuration clean and easy to navigate. Enable ...
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
TechRadar

An incredibly popular JavaScript library might have some worrying malware issues

CVE-2025-12735 in expr-eval allows remote code execution via unsafe input evaluation Vulnerable versions ≤2.0.2; patched in 2.0.3 and forked in expr-eval-fork 3.0.0 Developers should sanitize ...
GitHub

Enable Sandboxed JavaScript Injection

The App utilizes the WKWebView APIs that allow the App to inject JavaScript into web content without also leveraging platform APIs to sandbox the JavaScript from untrusted code. Starting with iOS 14, ...
SiliconANGLE

‘Gemini Trifecta’ vulnerabilities in Google AI highlight risks of indirect prompt injection

A new report out today from network security company Tenable Holdings Inc. details three significant flaws that were found in Google LLC’s Gemini artificial intelligence suite that highlight the risks ...
The Hacker News

Why React Didn't Kill XSS: The New JavaScript Injection Playbook

React conquered XSS? Think again. That's the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype ...
Dark Reading

Web-Inject Campaign Debuts Fresh Interlock RAT Variant

An ongoing Web-inject campaign is using a beefed-up remote access Trojan (RAT) belonging to the ransomware actor Interlock. Threat intelligence firm The DFIR Report published research today dedicated ...