WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...
Techlomedia

Nearly 2,000 WordPress Websites Infected by Malware Using Steam Profiles

A new malware campaign has compromised nearly 2,000 WordPress websites by using Steam Community profile comments to hide ...

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and ...
eWeek

‘ChatGPhish’ Attack Turns ChatGPT Summaries Into Phishing Lures

Permiso researchers found ChatGPhish, a prompt-injection issue that can cause ChatGPT summaries to display phishing links, ...

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Morning Overview on MSN

Hackers just hid their phishing trap inside the Markdown links and images ChatGPT renders for you — turning the AI assistant itself into the attack channel

Ask ChatGPT to summarize a web page and you expect a tidy set of bullet points, maybe a helpful link or two. What you ...