WordPress malware uses Steam profile comments for command and control

The comments on some Steam Profiles are actually loaded with invisible malware.

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...