Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.

WordPress's massive installed base isn't going anywhere, but many developers and AI agents are not opting for the product for new sites. Will they go for Cloudflare instead?

An attacker bought 30+ WordPress plugins (Essential Plugin portfolio) on Flippa for six figures, planted a PHP deserialization backdoor in August 2025, then activated it eight months later to serve ...

Emergency patches are available for a critical vulnerability in cPanel and WHM that allows attackers to bypass authentication ...

More than 20,000 WordPress sites were compromised after malicious plugins with hidden backdoors spread harmful code, raising serious concerns over plugin security and supply chain attacks.

CVE-2026-33626 exploited within 13 hours of disclosure, enabling SSRF-based cloud credential theft and internal scanning.

Dozens of WordPress plug-ins have been pulled after a hidden backdoor reportedly exposed thousands of websites to malicious code, following a stealthy ownership takeover in a growing supply chain ...

Last year, the best we could say about AI website builders is they had potential. This year, we found some that can actually ...

In March 2026, Trivy, one of the most widely used open-source vulnerability scanners in the Kubernetes ecosystem, was weaponized against the very organizations that relied on it for security.

A major global phishing network, W3LL, has been dismantled by the FBI and Indonesian authorities, preventing over $20 million in fraud. This sophisticated operation, which sold account credentials and ...