WordPress malware uses Steam profile comments for command and control

The comments on some Steam Profiles are actually loaded with invisible malware.
Techlomedia

Nearly 2,000 WordPress Websites Infected by Malware Using Steam Profiles

A new malware campaign has compromised nearly 2,000 WordPress websites by using Steam Community profile comments to hide ...

WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...
The Next Web

A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account ...

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.
GitHub

Koko Analytics for WordPress

Koko Analytics is a fast, privacy-friendly, open-source analytics plugin for WordPress — no cookies, no tracking, no external services. Screenshot of the Koko Analytics dashboard. You can view a live ...
The Caledonian-Record

WP Engine Enhances Global Edge Security With Bot Management to Control AI-Driven Website ...

WP Engine, a global web enablement company providing premium products and solutions for websites built on WordPress® 1, today ...
Bitdefender

Bitdefender Labs

Daily source of cyber-threat information. Established 2001.
Microsoft

Microsoft 365 Blog

Navigate blog by Navigate blog by: ...
The Hacker News

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors ...

Weekly ThreatsDay recap: old bugs, fake tools, shady payload tricks, AI mishaps, and the usual reminder that the internet is ...