Hackers exploit little-known WordPress MU-plugins feature to hide malware

April 1, 2025

Read Time:13 Second

A new security issue is putting WordPress-powered websites at risk. Hackers are abusing the “Must-Use” plugins (MU-plugins) feature to hide malicious code and maintain long-term access on hacked websites.

Read more in my article on the Hot for Security blog.

Cyber Agencies Warn of Fast Flux Threat Bypassing Network Defenses

A joint cybersecurity advisory warns organizations globally about the defense gap in detecting and blocking fast flux techniques, which are...

April 4, 2025

Troy Hunt Gets Phished

In case you need proof that anyone, even people who do cybersecurity for a living, Troy Hunt has a long,...

April 4, 2025

Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise

The threat actors initially attempted to compromise projects associated with the Coinbase cryptocurrency exchange, said Palo Alto Networks Read More

April 4, 2025

Chinese State Hackers Exploiting Newly Disclosed Ivanti Flaw

Mandiant warned that Chinese espionage actor UNC5221 is actively exploiting a critical Ivanti vulnerability, which can lead to remote code...

April 4, 2025

Major Online Platform for Child Exploitation Dismantled

An international law enforcement operation has shut down Kidflix, a platform for child sexual exploitation with 1.8m registered users Read...

April 3, 2025

CrushFTP Vulnerability Exploited Following Disclosure Issues

A critical authentication bypass flaw in CrushFTP is under active exploitation following a mishandled disclosure process Read More

April 3, 2025

Cyber Agencies Warn of Fast Flux Threat Bypassing Network Defenses

Troy Hunt Gets Phished

Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise

Chinese State Hackers Exploiting Newly Disclosed Ivanti Flaw

Major Online Platform for Child Exploitation Dismantled

CrushFTP Vulnerability Exploited Following Disclosure Issues

HellCat ransomware: what you need to know

Amateur Hacker Leverages Russian Bulletproof Hosting Server to Spread Malware

Web 3.0 Requires Data Integrity

Hackers exploit little-known WordPress MU-plugins feature to hide malware

Cyber Agencies Warn of Fast Flux Threat Bypassing Network Defenses

Troy Hunt Gets Phished

Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise

Chinese State Hackers Exploiting Newly Disclosed Ivanti Flaw

Major Online Platform for Child Exploitation Dismantled

CrushFTP Vulnerability Exploited Following Disclosure Issues