The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

FPJ Exclusive: Meet Nisarga, The 19-Year-Old Ethical Hacker Who Flagged Alleged CBSE Portal Issues In February 2026

Fresh concerns have emerged over CBSE’s online portal after a 19-year-old cybersecurity researcher alleged vulnerabilities ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

This week’s recap covers exploited flaws, supply chain attacks, phishing kits, AI lures, macOS stealers, urgent CVEs, tools, ...

AI agents need more than reasoning: they need to actually use the web

A company rolls out an AI customer service assistant. The model behind it is current and capable enough for the job. The assistant goes live. Within a week, support tickets are getting worse, not ...

FBI Warns Cyber Criminals Are Using Traffic Distribution Systems to Spread Malware, Phishing Scams and Ransomware

FBI warns cyber criminals are using Traffic Distribution Systems to redirect users to phishing sites, malware downloads, ...
Bleeping Computer

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. The vulnerability, tracked ...

npm tackles its riskiest security issues

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...
CoinDesk

Solana, Sui and Aptos wallet data targeted in TrapDoor package attack

A newly discovered supply-chain campaign called TrapDoor has planted more than 34 malicious packages across npm, PyPI and Crates.io to target crypto and cloud developers. The packages, disguised as ...
SF Weekly

How a San Francisco open-source project became the data layer for global AI

San Francisco's AI economy is mostly being defined by the companies spending the most. Foundation model labs raise billions, ...
Security Boulevard

When AI Agents Become Bots: A Field Report from the Authentication Layer

Security vendors and their customers have spent considerable time debating where to draw the line between “legitimate” AI agents and “malicious” bots. A 31-day campaign against a major consumer ...