Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.
NERDBOT

7 Things to Check Before Committing to a Scraping API Plan

Selecting an automated web data harvesting platform requires careful analysis of performance metrics and subscription terms.
The Caledonian-Record

TrendAI™ Integrates Claude Compliance API Into TrendAI Vision One™

New integration makes AI visibility, governance, and risk mitigation for Claude Enterprise and Claude Platform part of extended attack surface management ...
The Caledonian-Record

APi Group Debuts on the Fortune 500 List

APi Group Corporation (NYSE: APG) (“APi” or the “Company”), a global, market-leading business services provider of safety and specialty services, today announced its debut on the 2026 Fortune 500 list ...
Tech Times

Cloudflare Buys VoidZero: Vite’s 130M Weekly Users Get a New Vendor-Neutrality Pledge

Cloudflare VoidZero acquisition gives a competing CDN governance of Vite, the open source JavaScript build tool with 130 ...
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...
Bleeping Computer

Credit card theft campaign abuses Stripe to host stolen payment info

A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. The entire malicious activity relies on Google Tag ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Anthropic Buys The SDK Pipeline OpenAI And Gemini Depend On

Anthropic acquired Stainless, the SDK compiler behind OpenAI, Gemini and Llama. The deal hands one AI lab structural leverage over rivals' developer ecosystems.
Bleeping Computer

Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. Researchers found nearly 3,000 such ...
Infosecurity-magazine.com

Stripe API Skimming Campaign Unveils New Techniques for Theft

A new skimming attack leveraging the Stripe API to steal payment information has been uncovered by cybersecurity researchers at Jscrambler. The attack, which injects a malicious script into e-commerce ...