The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

WordPress Plugins: Supply Chain Attack Puts 1.2 Million Sites at Risk

In a supply chain attack, attackers install backdoors through the WordPress plugins OptinMonster, TrustPulse, and PushEngage.
Infosecurity Magazine

Attackers Hijack Popular WordPress Plugins to Deploy Backdoors

Attackers have hijacked the code behind several popular WordPress plugins to plant hidden backdoors and rogue administrator ...

Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.

Cloudflare acquires VoidZero, maker of the Vite JavaScript toolchain

Cloudflare Inc. today said it has acquired VoidZero Inc., the open-source company behind Vite and the widely used JavaScript build tools that surround it, in a move to position its developer platform ...

RPG Maker and the New Dark Age of Information: How the Internet Is Losing Its Memory

That is exactly what is happening to the RPG Maker forums, and people are rightfully angry about it. Gotcha Gotcha Games, the ...
Bleeping Computer

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. The vulnerability, tracked ...

OpenAI expands Daybreak with Patch the Planet and full GPT-5.5-Cyber release

OpenAI Group PBC today expanded its Daybreak cybersecurity program with a new open-source patching initiative called Patch ...

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...
SecurityWeek

In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum

Android TV botnet Popa linked to Israeli firm, Velvet Ant maintained decade-long stealth, unpatched GCP flaw enables takeover.
The Herald Bulletin

Dream take on the Valkyries, aim for 5th straight win

Atlanta heads into a matchup against Golden State as winners of four games in a row. Wednesday's matchup is the first of the season between the two teams. Golden State ...