Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

Law enforcement and private partners took down 106 SocGholish C&C servers and domains as part of Operation Endgame.

Three popular plugins served malicious JavaScript through a compromised CDN.

WordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awesome Motive's content distribution network (CDN). Of the three products, the ...

In a supply chain attack, attackers install backdoors through the WordPress plugins OptinMonster, TrustPulse, and PushEngage.

Attackers have hijacked the code behind several popular WordPress plugins to plant hidden backdoors and rogue administrator ...

WordPress 7.0 "Armstrong," released May 20, 2026, arrived without the real-time collaborative editing feature that had been its stated centerpiece for months — and within two days of launch, a ...

Security researchers from GoDaddy found a cheeky new malware campaign that used comments made by Steam Community accounts as command-and-control (C2) infrastructure. Here is how the attack plays out: ...

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. The vulnerability, tracked ...

ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...

WP Engine, a global web enablement company providing premium products and solutions for websites built on WordPress® 1, today announced Global Edge Security (GES), powered by Cloudflare, now has ...