Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
TechRound

How Did Cybercriminals Use Fake New York Times Pages To Scam Users?

Researchers at Comparitech want to understand the systems working behind spam emails that promise some sort of reward, ...
Agence France-Presse

The Open Group Launches the Open Footprint® Standard, Edition 1.0 to Streamline Scope 1, 2, and 3 Emissions Management

The Open Group, the vendor-neutral technology and standards organization, today announced the release of the Open Footprint ® Standard, Edition 1.0, that will help organizations streamline scope 1, 2, ...
How-To Geek on MSN

I saved my favorite parts of the internet for $0—and it only took me 30 mins

Thirty minutes of setup, zero dollars spent, and I'll never lose a link again.
The Hacker News

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
SecurityWeek

Joomla, LiteSpeed Vulnerabilities Exploited in Attacks

Threat actors are exploiting vulnerabilities in Joomla and the LiteSpeed cPanel plugin for code execution and privilege ...
The Business Journals

Village Inn operator in Tampa Bay files for bankruptcy, cites hurricane setbacks

To continue reading this content, please enable JavaScript in your browser settings and refresh this page. Preview this article 1 min The franchisee operator plans to ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
ZDNet

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
GitHub

Catch the slop AI coding agents leave in your code.

The patterns Claude Code, Cursor, Codex, and OpenCode leave behind: narrative comments above self-explanatory code, swallowed exceptions, as any casts, hallucinated imports, duplicated helpers, dead ...