Latest from the Blog
Analysis, product insight, and practical reads for builders

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
FBI warns of Kali365, a phishing-as-a-service platform that hijacks Microsoft 365 and Entra accounts by abusing OAuth device-code authentication to steal session tokens and bypass MFA. Emerged in April 2026 and distributed via Telegram, it directs victims to a device-login portal to authorize attackers, granting access to cloud apps. Kali365 operates as a business with admins, resellers, and affiliates, and offers two attack modes: device-code phishing and an adversary-in-the-middle “Cookie Link” that captures tokens. The FBI urges organizations to block device-code authentication flows with Conditional Access, audit usage, and report incidents to IC3, noting that device-code phishing is becoming widespread in 2026 alongside EvilTokens and Tycoon2FA.

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
A critical Ghost CMS SQL injection (CVE-2026-26980) is being exploited in a large-scale ClickFix campaign, impacting 700+ domains including Harvard, Oxford, Auburn, and DuckDuckGo. The flaw allows unauthenticated access to read database data and steal admin API keys, enabling attackers to inject malicious JavaScript into articles. The attack chain uses stolen keys to deploy a loader that fetches second-stage payloads and a fake Cloudflare prompt to deliver the ClickFix lure, with multiple payloads observed. Ghost patched the flaw in version 6.19.1 on February 19, 2026, but many sites have not updated. Admins should upgrade to 6.19.1+, rotate all exposed keys, review IoCs, and maintain 30 days of admin API call logs for retrospective analysis, as operators have shown reinfection and varied payloads.

Laravel Lang packages hijacked to deploy credential-stealing malware
A supply-chain attack hit Laravel Lang localization packages by hijacking GitHub tags to point to malicious commits, affecting multiple releases across laravel-lang/lang, http-statuses, attributes, and possibly actions. Attackers rewrote existing tags (not code) to point to a malicious fork, enabling legitimate-looking releases to deliver malware via Composer. The payload acts as a dropper that fetches a second-stage credential-stealer from a C2 domain, harvesting cloud credentials, tokens, SSH keys, Git credentials, and other secrets across Linux, macOS, and Windows (including a Windows infostealer named DebugElevator). Packagist quickly removed the malicious versions; developers are advised to audit installed versions, rotate exposed credentials, search for indicators of compromise, and check for outbound connections to flipboxstudio.info. The Laravel Lang project itself was not compromised.

Italy Disrupts CINEMAGOAL Piracy App That Stole Streaming Auth Codes
Italian authorities dismantled the CINEMAGOAL piracy network in the nationwide operation “Tutto Chiaro,” seizing servers in France and Germany, identifying end users, and disrupting a stealth app that stole streaming authentication codes for Netflix, Disney+, Sky, DAZN, Spotify, and more. The scheme, run by a network of over 70 resellers and backed by crypto payments and fake IDs, is estimated to have caused about €300 million in unpaid subscription revenue; the investigation is ongoing.