The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

Strategic reinvestment: How Menashe Properties plans to 'flip the script' on 180 N. LaSalle

Menashe Properties has snagged its third Chicago office tower as prices crater. Here's how the firm wants to "flip the script ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
The Washington Informer

Wizards Handle Business Ahead of NBA Draft, Strike Massive Deal Keeping Trae Young In Washington

Washington Wizards secure Trae Young's future with a $212 million contract. The move strengthens their rebuild and signals playoff contention.

Portugal blowout win over Uzbekistan brings Ronaldo back to life in World Cup

Cristiano Ronaldo grabbed a World Cup record and Portugal bounced back emphatically from a disappointing World Cup opener, ...
SecurityWeek

CryptoBandits Malware Doubles as a Backdoor, Abuses Tor

The Windows-based CryptoBandits cryptocurrency clipper blends data exfiltration and remote code execution in a backdoor.
Infosecurity Magazine

Lookalike npm Package Hides a Multi-Stage Windows RAT

A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The ...

Hackers are 'using your friends’ WhatsApp accounts' to take over your computer: Report

Cybercriminals are launching a massive global malware campaign by hijacking WhatsApp accounts to break into users’ computers.

Microsoft discovers new lightweight backdoor that steals cryptocurrency

Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency ...