Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.
The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...

Getting started

This guide will cover the basics of installing the Glow JavaScript library, and a few simple examples of using Glow to get you started. We are assuming you have at least a working knowledge of ...

Discord down today: What is wrong with servers? Company addresses API errors - how to fix

If Discord is not working properly for you, these are the most common fixes: Close the app fully and reopen it. Use the official status page to confirm whether the issue is widespread. Corrupted cache ...
Bleeping Computer

What Happens in the First 24 Hours After a New Asset Goes Live

The moment a new asset gets a public IP address, a clock starts. Not a slow one. A relentless, automated one. The gap between “this just went live” and “this is being actively probed” is minutes, not ...
TechRepublic

ClickUp Data Leak Exposes Enterprise Emails for Over a Year

A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns. A hardcoded API key embedded in ClickUp’s public website has ...
theregister

Security boffins scoured the web and found hundreds of valid API keys

Computer security boffins have conducted an analysis of 10 million websites and found almost 2,000 API credentials strewn across 10,000 webpages. The researchers detail their findings in a preprint ...
techtimes

API Key Leak Exposes AWS, Stripe, OpenAI Credentials Across Thousands of Sites

A large-scale cybersecurity study has revealed a serious global web security issue involving exposed API credentials tied to major platforms, including Amazon Web Services, Stripe, and OpenAI. After ...
Bleeping Computer

Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. Researchers found nearly 3,000 such ...
GitHub

JavaScript API for georeferenced data viewing in web applications.

API SITNA is a JavaScript API that enables us to include an interactive map viewer, representing geographically referenced information, in web pages and web application. This SITNA product has been ...
Infosecurity-magazine.com

Stripe API Skimming Campaign Unveils New Techniques for Theft

A new skimming attack leveraging the Stripe API to steal payment information has been uncovered by cybersecurity researchers at Jscrambler. The attack, which injects a malicious script into e-commerce ...