WordPress malware uses Steam profile comments for command and control

The comments on some Steam Profiles are actually loaded with invisible malware.

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...
Techlomedia

Nearly 2,000 WordPress Websites Infected by Malware Using Steam Profiles

A new malware campaign has compromised nearly 2,000 WordPress websites by using Steam Community profile comments to hide ...

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Morning Overview on MSN

Hackers just hid their phishing trap inside the Markdown links and images ChatGPT renders for you — turning the AI assistant itself into the attack channel

Ask ChatGPT to summarize a web page and you expect a tidy set of bullet points, maybe a helpful link or two. What you ...