ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...

Three popular plugins served malicious JavaScript through a compromised CDN.

Attackers have hijacked the code behind several popular WordPress plugins to plant hidden backdoors and rogue administrator ...

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.

A discussion on Twitter about the many people posting that they’ve left WordPress for Astro went modestly viral, with longtime WordPress supporters explaining why they ditched WordPress for Astro.

An attacker bought 30+ WordPress plugins (Essential Plugin portfolio) on Flippa for six figures, planted a PHP deserialization backdoor in August 2025, then activated it eight months later to serve ...

Our in-house experts conduct internal independent, hands-on testing and transparent reviews of web hosting providers by using custom-built tools or utilizing industry-recognized tools and methods to ...

Google speeds up Chrome’s release cycle to biweekly updates, a move affecting 3 billion users as AI-powered browsers like Atlas and Comet emerge. Google has announced that it will speed up Chrome’s ...

‘EtherHiding’: Nation-state and cybercriminal groups are leveraging smart contracts as command-and-control servers for deliveing malicious payloads hidden on blockchains. Nation-state threat actors ...