WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...
The Hacker News

Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

A large-scale campaign impersonates open-source and freeware project portals to redirect users through a gated TDS and ...
The Hacker News

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Weedhack malware targets Minecraft players via YouTube and SEO poisoning since Jan 2026, enabling credential theft and remote ...

Google Chrome’s New Feature Takes Aim at Cookie Theft, Account Hijacking

Chrome’s DBSC update binds login sessions to user devices, making stolen session cookies harder to reuse in account hijacking ...
Mashable

ZenGo crypto wallet changes the game by being dead simple to use

Cryptocurrency wallet software can be intimidating to use. With crypto, you are your own bank, which sounds great until you realize that you and you alone are responsible to keep your money safe. In ...
PCMagOpinion

Gemini 3.5 Flash Is the Fastest AI Coding Model I've Used...and Extremely Error-Prone

Gemini 3.5 Flash is shockingly fast at generating code and spinning up agents, but that speed comes at a cost: sloppy ...
Decrypt

What Is an AI Prompt Injection Attack? The Hidden Threat Hijacking Your Chatbots

Hackers can hijack ChatGPT, Claude, and Gemini with nothing but a sentence. OpenAI says the problem may never be fully solved.
Microsoft

The Gentlemen ransomware: Dissecting a self-propagating Go encryptor

Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
Android

Infostealer Malware Sneaks into Popular Codex UI Tool After One Month of Building Trust

Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...
SecurityWeek

Mirasvit Vulnerability Exploited to Execute Code on Magento Servers

A flaw in the Full Page Cache Warmer extension can be exploited without authentication via serialized PHP object payloads. The US cybersecurity agency CISA on Wednesday urged federal agencies to ...