Hackers exploit little-known WordPress MU-plugins feature to hide malware

April 1, 2025

Read Time:13 Second

A new security issue is putting WordPress-powered websites at risk. Hackers are abusing the “Must-Use” plugins (MU-plugins) feature to hide malicious code and maintain long-term access on hacked websites.

Read more in my article on the Hot for Security blog.

Smashing Security podcast #411: The fall of Troy, and whisky barrel scammers

Renowned cybersecurity expert Troy Hunt falls victim to a phishing attack, resulting in the exposure of thousands of subscriber details,...

April 2, 2025

Stripe API Skimming Campaign Unveils New Techniques for Theft

A novel skimming attack has been observed by Jscramber, using the Stripe API to steal payment information by injecting malicious...

April 2, 2025

Royal Mail Investigates Data Breach Affecting Supplier

A cyber threat actor has claimed to have leaked 144GB of data from Royal Mail users Read More

April 2, 2025

Gray Bots Surge as Generative AI Scraper Activity Increases

Gray bots surge as generative AI scraper activity increases, impacting web applications with millions of requests daily Read More

April 2, 2025

Bybit Heist Fuels Record Crypto-Theft Surge, Says CertiK

Hackers stole $1.67bn of cryptocurrencies in the first quarter of 2025, a 303% increase Read More

April 2, 2025

Rational Astrologies and Security

John Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrologies and Security“: There is another non-security...

April 2, 2025

Smashing Security podcast #411: The fall of Troy, and whisky barrel scammers

Stripe API Skimming Campaign Unveils New Techniques for Theft

Royal Mail Investigates Data Breach Affecting Supplier

Gray Bots Surge as Generative AI Scraper Activity Increases

Bybit Heist Fuels Record Crypto-Theft Surge, Says CertiK

Rational Astrologies and Security

North Korea’s Fake IT Worker Scheme Sets Sights on Europe

Steam Surges to Top of Most Spoofed Brands List in Q1

ICO Apologizes After Data Protection Response Snafu

Hackers exploit little-known WordPress MU-plugins feature to hide malware

Smashing Security podcast #411: The fall of Troy, and whisky barrel scammers

Stripe API Skimming Campaign Unveils New Techniques for Theft

Royal Mail Investigates Data Breach Affecting Supplier

Gray Bots Surge as Generative AI Scraper Activity Increases

Bybit Heist Fuels Record Crypto-Theft Surge, Says CertiK

Rational Astrologies and Security