Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

Three popular plugins served malicious JavaScript through a compromised CDN.

Authorities announced taking down 106 SocGholish botnet C&C servers and domains, and cleaning up 15,000 WordPress websites.

Attackers have hijacked the code behind several popular WordPress plugins to plant hidden backdoors and rogue administrator ...

In a supply chain attack, attackers install backdoors through the WordPress plugins OptinMonster, TrustPulse, and PushEngage.

WordPress 7.0 "Armstrong," released May 20, 2026, arrived without the real-time collaborative editing feature that had been its stated centerpiece for months — and within two days of launch, a ...

Android TV botnet Popa linked to Israeli firm, Velvet Ant maintained decade-long stealth, unpatched GCP flaw enables takeover.

International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish botnet and the Evil Corp Russian ...

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. The vulnerability, tracked ...

ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...

Security researchers from GoDaddy found a cheeky new malware campaign that used comments made by Steam Community accounts as command-and-control (C2) infrastructure. Here is how the attack plays out: ...