The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.
InfoWorld

Protocol Buffers schemas expose remote code execution risk

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...

State won't file charges against teacher accused of hitting student

Melanie Garcia, 21, was arrested May 15 accused of child abuse for an incident. A month later, prosecutors declined to file ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

105K Chrome Installs Linked to Adware and Fake Google Traffic

Socket researchers linked 152 Chrome wallpaper extensions to hidden data logging, fake Google search traffic, and ad ...

Federal bureaucrat cleared over alleged improper deletion of ArriveCan records

Minh Doan, a senior public servant and former vice-president and chief information officer at the Canada Border Services ...
The Hacker News

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...

Epstein files include nearly 100 phone calls linked to Naples

In multiple phone logs included in the Epstein files, Naples appears as a destination city in entries from January to March 2005.

Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...
The Canadian Press on MSN

Alberta files appeal on court decision to throw out separatist referendum petition

EDMONTON — Alberta's government has filed its appeal of a judge's decision to quash a petition looking to force a vote on the ...
Tech Times

Red Hat npm Packages Compromised, 57 More Follow: Signed Attestations Cannot Block Pipeline Hijack

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...