Malware on approximately 2,000 WordPress sites hid C2 instructions in Steam profile comments using invisible Unicode. GoDaddy researchers spotted a command-and-control infrastructure for a malware campaign abusing Valve’s Steam gaming platform. The experts discovered malware on approximately 1,980 WordPress sites that fetches its instructions by reading Steam Community profile comments, where the actual payload is…
Tag: sites
AI, Global Security News, malware
Malware hides in Steam comments to infect WordPress sites
The malware campaign, discovered in July 2025, has affected approximately 1,980 WordPress sites.
Global Security News
Drupal bug added to CISA list of known exploited vulnerabilities
Drupal SQL injection flaw CVE-2026-9082 added to CISA KEV as active attacks target sites.
Global Security News, malware
Trojanized Gemini and Claude Installers Target Developers Via SEO Poisoning
Cybercriminals are using SEO poisoning and fake Gemini and Claude installer sites to infect developers with fileless malware and steal data.
AI, Exploits, Global Security News, malware
Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites
Attackers are exploiting the patched Ghost CMS flaw CVE-2026-26980, compromising over 700 unpatched sites, including universities. Threat actors are actively exploiting a security flaw in Ghost CMS, tracked as CVE-2026-26980 and fixed months ago, in real attacks against unpatched websites. According to Qianxin, the campaign has already affected more than 700 sites, including well-known organizations and…
Global Security News, malware
China-Linked Twill Typhoon Uses Fake Apple and Yahoo Sites for Espionage
A new Darktrace report reveals how Chinese hackers use fake Apple and Yahoo sites and the FDMTP malware framework to spy on organisations.
Global Security News
Avada Builder Flaws Expose One Million WordPress Sites
Avada Builder flaws allowed file read and SQL injection on one million WordPress sites
AI, Global Security News
Hackers Exploit Vercel GenAI to Mass-Produce Convincing Phishing Sites
Hackers are abusing Vercel GenAI to create convincing phishing sites that mimic major brands, including Microsoft, Adidas, and Nike, making scams harder to detect.
Global Security News
Popular WordPress redirect plugin hid dormant backdoor for years
The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows injecting arbitrary code into users’ sites. […]
AI, Cybersecurity, Global Security News
Structured Data: Enhancing Your Site’s SEO
In this post, I will talk about structured data for enhancing your site’s SEO. Imagine walking into a huge library looking for one specific book. You could browse every aisle and flip through dozens of covers, or you could simply look it up in the system and find it in seconds. That’s exactly what structured…
Global Security News
Infrastructure Attacks With Physical Consequences Down 25%
Operational technology (OT) at industrial and critical infrastructure sites seems to have been benefitting from a lull in ransomware and hackers’ relative ignorance of OT systems.
china, Global Security News, Network Security
Police Shut Down 373,000 Dark Web Sites in Single-Operator CSAM Network
Police shut down 373K dark web sites in a one-man CSAM and cybercrime network run by a 35-year-old man in China, with global probe ongoing.
AI, Cybersecurity, Exploits, Global Security News, Government & Policy
7,500+ Magento sites defaced in global hacking campaign
Hackers defaced 7,500 Magento sites since Feb 27, uploading files across 15,000 hostnames, mostly opportunistic attacks. Since February 27, a large-scale campaign has defaced over 7,500 Magento sites, targeting e-commerce platforms, global brands, and government services. According to cybersecurity firm Netcraft, attackers placed plaintext defacement files across more than 15,000 hostnames, directly compromising affected infrastructure.…
Cybersecurity, Global Security News
Hot Tips for Finding the Best Stock Photography Sites (20 Platforms to Explore)
In this post, I will give you hot tips for finding the best stock photography sites. Stock photography is one of the most valuable tools for writers, marketers, and designers creating digital content. The right image can instantly make an article more engaging, improve social media performance, and help illustrate complex topics. With hundreds of…
AI, Global Security News
SQL Injection Vulnerability in Ally WordPress Plugin Exposes 200K+ Sites
SQL injection flaw in Ally WordPress plugin exposes 200,000+ sites to data theft. Patch released, but most installations remain unpatched and vulnerable.
AI, Exploits, Global Security News, Risk Management
Critical SQL Injection bug in Ally plugin threatens 400,000+ WordPress sites
An unauthenticated SQL injection flaw (CVE-2026-2413) in the Ally WordPress plugin, used on 400K+ sites, could allow attackers to steal sensitive data. An unauthenticated SQL injection flaw, tracked as CVE-2026-2413 (CVSS score 7.5), in Ally plugin could allow attackers to steal sensitive data. The offensive security engineer Drew Webber at Acquia discovered the vulnerability on…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Risk Management
Threat actors use custom AuraInspector to harvest data from Salesforce systems
Attackers are mass-scanning Salesforce Experience Cloud sites using a modified AuraInspector tool to exploit misconfigurations and access sensitive data. Salesforce CSOC warns that threat actors are mass-scanning publicly accessible Experience Cloud sites using a modified version of the AuraInspector tool. AuraInspector is an open‑source command‑line tool released by Google/Mandiant to audit Salesforce Aura and Experience…
Global Security News
The Most Common Swap Scams in 2026, and How to Avoid Them
Swap scams target traders through fake DEX sites, token approvals, and phishing. Learn how to detect swap scams and protect funds before you swap now.
AI, Global Security News
ClawJacked flaw exposed OpenClaw users to data theft
“ClawJacked” flaw let malicious sites hijack OpenClaw AI agents to steal data; patch released in version 2026.2.26. A high-severity vulnerability called ClawJacked in OpenClaw allowed malicious websites to brute-force and take control of local AI agent instances. Oasis Security discovered the flaw, which enabled silent data theft. OpenClaw addressed the issue with version 2026.2.26, released…
AI, Europe, Global Security News
Social Media Platforms Earn Billions from Scam Ads
Revolut claims social media sites make £3.8bn annually from scam ads targeting European users
cyber attack, cyber attacks, Global Security News, Security
Sanctioned Bulletproof Host Linked to Hijacking of Old Home Routers
Compromised home routers in 30+ countries had DNS traffic redirected, sending users to malicious sites while normal browsing appeared unaffected.
