A popular WordPress quiz plugin can be abused to mount SQL injection attacks ...
In the quest to get as much training data as possible, there was little effort available to vet the data to ensure that it ...
There were some changes to the recently updated OWASP Top 10 list, including the addition of supply chain risks. But old ...
Active React2Shell exploitation uses malicious NGINX configurations to hijack web traffic, targeting Baota panels, Asian TLDs ...
Also today, SAP released 27 new and updated security notes, including two that address critical-severity vulnerabilities.
Redirected traffic can be abused in multiple ways, experts warn ...
Open-source monitoring tool Glances supports Neural Processing Units and ZFS for the first time in version 4.5.0. Security vulnerabilities have also been fixed.
Using a mix of search engine experts and “hackers,” Epstein sought to promote his philanthropy so he could bury negative news ...
Attackers don't need AI to crack passwords; they build targeted wordlists from an organization's own public language. This article explains how tools like CeWL turn websites into high-success password ...
A vulnerability in the AI agent social network Moltbook exposes sensitive data and malicious activity conducted by the bots.
We are seeing exploitation of SolarWinds Web Help Desk via CVE-2025-40551 and CVE-2025-40536 that can lead to domain compromise; here is how to patch, hunt, and mitigate now.
A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker's ...