The Hacker News

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

Two Composer flaws (CVE-2026-40176, CVE-2026-40261) allow command execution via Perforce configurations, prompting urgent ...

WordPress plugin suite hacked to push malware to thousands of sites

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows ...
Morningstar

Publishing System

Use our turnkey document management solution to centralize and securely deliver quality factsheets, regulatory documents, and marketing communications. Outsource report production completely or weave ...

Popular WordPress plugins backdoored after ownership change, putting thousands of websites at risk

A popular brand of WordPress plugins was recently weaponized to download and spread malicious code. The new, potentially ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...