The Next Web

A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using it

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.

WordPress malware uses Steam profile comments for command and control

The comments on some Steam Profiles are actually loaded with invisible malware.
The Hacker News

exploit | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai , Gafgyt , and Mozi . "These ...

WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.
The Hacker News

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

Weekly ThreatsDay recap: old bugs, fake tools, shady payload tricks, AI mishaps, and the usual reminder that the internet is ...
SecurityWeek

WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites

A vulnerability in the WP Maps Pro WordPress plugin has been exploited to create admin accounts and take over vulnerable sites.
SecurityWeek

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs

Hundreds of thousands of websites are potentially exposed to attacks exploiting two vulnerabilities in the Kirki and Burst Statistics WordPress plugins, Defiant warns. Kirki provides website and ...
Dark Reading

Application Security

Explore the latest news and expert commentary on Application Security, brought to you by the editors of Dark Reading ...
Microsoft

Microsoft 365 Blog

Navigate blog by Navigate blog by: ...