The Next Web

A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using it

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.

WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.
Game Rant

NTE Codes (Neverness to Everness Redeem Codes)

Nahda Nabiilah is a writer and editor from Indonesia. She has always loved writing and playing games, so one day she decided to combine the two. Most of the time, writing gaming guides is a blast for ...
Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...
InfoQ

Anthropic Introduces Agent-Based Code Review for Claude Code

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...
Dark Reading

Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing

In the wake of a major takedown of phishing's biggest brand name, Tycoon 2FA, phishers worldwide have scattered. Some have stuck around, but many have moved to other phishing service providers, and ...
InfoQ

Cloudflare Launches Code Mode MCP Server to Optimize Token Usage for AI Agents

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker bought 30+ WordPress plugins (Essential Plugin portfolio) on Flippa for six figures, planted a PHP deserialization backdoor in August 2025, then activated it eight months later to serve ...
TechCrunch

Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

Dozens of plug-ins for the widely used open source web blogging software WordPress are now offline after a backdoor was discovered in them, used to push malicious code to any website that relied on ...
Wired

Cursor Launches a New AI Agent Experience to Take On Claude Code and Codex

Cursor announced Thursday the launch of Cursor 3, a new product interface that allows users to spin up AI coding agents to complete tasks on their behalf. The product, which was developed under the ...
The Verge

Claude Code leak exposes a Tamagotchi-style ‘pet’ and an always-on agent

The more than 512,000 lines of leaked code appear to show unreleased features, instructions for Claude, and more. The more than 512,000 lines of leaked code appear to show unreleased features, ...