Three popular plugins served malicious JavaScript through a compromised CDN.

Researchers at Comparitech want to understand the systems working behind spam emails that promise some sort of reward, ...

Thirty minutes of setup, zero dollars spent, and I'll never lose a link again.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited ...

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Threat actors are exploiting vulnerabilities in Joomla and the LiteSpeed cPanel plugin for code execution and privilege ...

Attackers have hijacked the code behind several popular WordPress plugins to plant hidden backdoors and rogue administrator ...

The Prime Minister of the UK Government, Sir Keir Starmer, has today confirmed that they will introduce an internet Social ...