WordPress malware uses Steam profile comments for command and control

The comments on some Steam Profiles are actually loaded with invisible malware.
Computerworld

Industry

EU moves forward on $5.8B scale-up fund to keep startups from leaving The initiative is part of a broader EU push to build up the domestic tech sector and address a long-standing shortage of ...
The Hacker News

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named ...
Microsoft

Microsoft 365 Blog

Navigate blog by Navigate blog by: ...

WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.
Dark Reading

DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

A sneaky IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones ...
Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...
UBS

United States of America

UBS Neo Investment Bank Client Portal Asset Management Client Portal KeyLink ...