WordPress malware uses Steam profile comments for command and control

The comments on some Steam Profiles are actually loaded with invisible malware.
Dark Reading

DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

A sneaky IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones ...

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...

CBSE Cybersecurity Put To The Test: 19-Year-Old Ethical Hacker Flags 'OSM Portal Flaws', Board Rejects Claims

CBSE says that a URL mentioned in social media posts on the 'hacking' incident was only a testing platform containing sample ...
The Hacker News

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through ...
The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

WebMCP Can Be Used To Hijack AI Agents, Chrome Warns

Google Chrome is warning developers that WebMCP tools can be used to manipulate and hijack AI agents. New guidance outlines ...
Nature

Is the peptide craze backed by science? The promise behind the hype

Peptide injections are the hottest trend in wellness. Researchers say enthusiasm for these unregulated drugs has got ahead of ...

WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.