WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...
Opinion
Foreign AffairsOpinion

Iran Embraces a Forever War

For the last two months, Iran and the United States have carried out fitful, unsuccessful peace negotiations. After striking a very shaky ceasefire agreement at the beginning of April, officials from ...
Foreign Affairs

Ukraine Turns the Tide

The war in Ukraine has reached a turning point. Since the failure of Ukraine’s 2023 counteroffensive, Russia’s full-scale invasion settled into a predictable rhythm of summer and winter offensives, ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
The Hacker News

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Malicious Sicoob.Sdk stole PFX certificates and client IDs via NuGet downloads, enabling API impersonation and payment abuse risks.