Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.
GitHub

Enforce best practices for JavaScript promises.

Set in the flat/recommended configuration. Set in the recommended configuration.

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...
The Herald Bulletin

Dream take on the Valkyries, aim for 5th straight win

Atlanta heads into a matchup against Golden State as winners of four games in a row. Wednesday's matchup is the first of the season between the two teams. Golden State ...

RPG Maker and the New Dark Age of Information: How the Internet Is Losing Its Memory

That is exactly what is happening to the RPG Maker forums, and people are rightfully angry about it. Gotcha Gotcha Games, the ...
CU Independent

From Browser Games to the Cloud: How Online Gaming Platforms Transformed

Online games have gone through significant changes over the past couple of years. A decade or two ago, all we had were a ...
The Herald Bulletin

Mariners visit the Pirates to begin 3-game series

The Pittsburgh Pirates host the Seattle Mariners to start a three-game series.
The Hacker News

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited ...
Hackaday

This Week In Security: Arch AUR, Steam Marketplace, WordPress All Face Issues, Taco-Themed ...

Starting on June 11, 2026, the Arch User Repository (AUR) was targeted by malware which rapidly compromised over 1,500 packages. The AUR repository allows for abandoned community packages to be taken ...
SecurityWeek

In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe ...

Android TV botnet Popa linked to Israeli firm, Velvet Ant maintained decade-long stealth, unpatched GCP flaw enables takeover.
The Hacker News

⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

This week’s cybersecurity recap covers Firefox and Chrome bugs, EDR-killer tools, a TV botnet, an OpenBSD flaw, Android ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...