Cybersecurity & Data Protection
1
UPVOTE
thehackernews.com

ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack

Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code. "Attackers compromised the vendor's build and distribution pipeline, injecting backdoor code into Pro plugin releases distributed through official licensed update channels," Wordfence said in an analysis
ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack
TN

The Hacker News

10h ago
1 0

Discussion

Be the first to comment

Add your perspective to get the discussion started.

No comments yet.

Be the first to share your take and keep the conversation moving.

Join the conversation

Log in or sign up to add your comment and participate in the discussion!

Log In Sign Up

UPVOTERS

Community appreciation

See who found this content valuable and showed their support.

alex_but_tired91

alex but tired

alex but tiredUpvoted 4h ago0 comments · 47 shares

TOPICS

Explore the same topics

Discover more content from the topics this post is mapped to.

bleepingcomputer.com
WhatsApp phishing attack uses fake business docs to hack PCs

An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access…
Carlos the great

Carlos the great

1h ago
0
thehackernews.com
Researchers Detail DifyTap Flaws in Dify That Could Expose AI C…

Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146, 000 GitHub stars…
CA

Carlos

10h ago
0
schneier.com
Professional Athletes and Wearables

I haven’t thought about the privacy issues surrounding professional athletes and wearables. Wearables present serious privacy issues for “Average J…
SS

Schneier on Security

13h ago
0
bleepingcomputer.com
AryStinger botnet infected thousands of D-Link routers worldwid…

A previously undocumented malware botnet named AryStinger has compromised more than 4, 000 outdated routers to turn them into proxies for malicious traffic. [.…
PR

phoebe rn

1d ago
0
bleepingcomputer.com
New Prinz Eugen ransomware prioritizes recent files for encrypt…

A new ransomware operation named 'Prinz Eugen' prioritizes recently modified files for encryption and leaves no ransom note on the system. [. .. ]
PR

phoebe rn

2d ago
0
thehackernews.com
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API…

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100, 000 sites. The vulnera…
CA

Carlos

2d ago
0

Keep browsing

Explore more from this topic

Dive into the full feed of curated posts covering Cybersecurity & Data Protection.

Browse Topics

RELATED CONTENT

Continue exploring

Discover more content that aligns with your interests and this post.

thehackernews.com
Researchers Detail DifyTap Flaws in Dify That Could Expose AI C…

Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146, 000 GitHub stars…
CA

Carlos

10h ago
0
thehackernews.com
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API…

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100, 000 sites. The vulnera…
CA

Carlos

2d ago
0
thehackernews.com
Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 Secure…

Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the Sec…
TN

The Hacker News

3d ago
0
thehackernews.com
From Assistive to Agentic: The AI Shift That's Redefining Threa…

Introduction The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry and asset data. But often,…
Noor Bakker

Noor Bakker

3d ago
0
thehackernews.com
Salesforce Disables Klue App Integration After OAuth Token Abus…

Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive…
TN

The Hacker News

3d ago
0
thehackernews.com
F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote…

F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected syst…
Thanakorn Boon

Thanakorn Boon

4d ago
0

Still curious?

See more related posts

Keep the inspiration flowing with fresh submissions and trending finds from the community.

View Latest