News
-
WordPress Redirect Plugin Found With Hidden Backdoor for Years
Read more: WordPress Redirect Plugin Found With Hidden Backdoor for YearsA popular WordPress redirect plugin was found to contain a hidden backdoor. This issue remained undetected for years. As a result, many websites could be at risk. The plugin is widely used to manage URL…
-
73 Fake VS Code Extensions Found Spreading GlassWorm Malware
Read more: 73 Fake VS Code Extensions Found Spreading GlassWorm MalwareSecurity researchers have uncovered 73 fake Visual Studio Code extensions on the Open VSX marketplace that were linked to a malware campaign known as GlassWorm v2. The extensions copied names, icons, and descriptions of legitimate…
-
WordPress Plugin Supply Chain Attack: Smart Slider 3 Pro Backdoor Incident Explained
Read more: WordPress Plugin Supply Chain Attack: Smart Slider 3 Pro Backdoor Incident ExplainedA serious supply chain attack recently hit Smart Slider 3 Pro, a widely used plugin on WordPress and Joomla sites. Instead of exploiting a typical bug, attackers managed to compromise the official update system and…
-
Adobe Reader Zero-Day Exploit Targets Users via Malicious PDF Files
Read more: Adobe Reader Zero-Day Exploit Targets Users via Malicious PDF FilesA newly discovered zero-day vulnerability in Adobe Acrobat Reader is actively being exploited in real-world attacks, putting users at significant risk. The flaw allows attackers to execute malicious actions simply by tricking victims into opening…
-
Masjesu Botnet: Emerging DDoS-for-Hire Threat Targeting IoT Devices
Read more: Masjesu Botnet: Emerging DDoS-for-Hire Threat Targeting IoT DevicesThe Masjesu botnet is emerging as a new DDoS-for-hire service targeting Internet of Things (IoT) devices such as routers and network gateways. Active since 2023, this botnet focuses on stealth and persistence, quietly building a…
-
Docker Auth Bypass Bug Could Lead to Full Host Compromise
Read more: Docker Auth Bypass Bug Could Lead to Full Host CompromiseA high-severity vulnerability tracked as CVE-2026-34040 has been found in Docker Engine, allowing attackers to bypass authorization controls and potentially take over the host system. The flaw impacts environments that rely on authorization plugins (AuthZ)…
-
Iran-Linked Password Spraying Attack Targets Microsoft 365 Accounts
Read more: Iran-Linked Password Spraying Attack Targets Microsoft 365 AccountsCybersecurity researchers have identified a large-scale password spraying campaign linked to Iran targeting Microsoft 365 accounts across multiple regions. The attacks primarily focused on organizations in Israel and the United Arab Emirates, with hundreds of…
-
Malicious npm Packages Disguised as Plugins Target Developers
Read more: Malicious npm Packages Disguised as Plugins Target DevelopersSecurity researchers have uncovered a campaign involving 36 malicious npm packages disguised as legitimate plugins, targeting developers and backend systems. These packages impersonated popular Strapi CMS plugins, making them appear safe and trustworthy to unsuspecting…
-
Chrome Zero-Day CVE-2026-5281 Actively Exploited, Update Your Browser Now
Read more: Chrome Zero-Day CVE-2026-5281 Actively Exploited, Update Your Browser NowGoogle has released a major security update for Google Chrome to address 21 vulnerabilities, including a dangerous zero-day flaw identified as CVE-2026-5281 that is already being actively exploited. This vulnerability is a use-after-free bug found…
-
Claude Chrome Extension Bug Enables Zero-Click XSS Prompt Injection
Read more: Claude Chrome Extension Bug Enables Zero-Click XSS Prompt InjectionA critical vulnerability in the Claude Chrome Extension from Anthropic allowed attackers to inject malicious prompts without any user interaction. This flaw, known as ShadowPrompt, made it possible for a victim to be compromised simply…










