OptinMonster Plugin Vulnerability Exposes 1.2 Million WordPress Sites to Cyberattacks
A large-scale supply chain attack targeting the popular OptinMonster WordPress plugin has exposed more than 1.2 million websites to active compromise.
20 articles
A large-scale supply chain attack targeting the popular OptinMonster WordPress plugin has exposed more than 1.2 million websites to active compromise.
Rhysida and Interlock sit inside the same ransomware supply chain, but their latest observed behavior shows a more nuanced relationship than simple code reus...
Over recent years we’ve witnessed the EU becoming increasingly serious about cybersecurity. After years of watching high profile breaches, many resulting fro...
The NIS2 directive asks covered organizations to take a more structured approach to risk management, governance, supply chain security, and incident reportin...
Attackers compromised Awesome Motive CDN files, backdooring WordPress sites running OptinMonster, TrustPulse, and PushEngage. Sansec researchers discovered a...
CI/CD Abuse Detector is an open-source project that uses a large language model to flag suspicious changes to continuous integration and continuous deploymen...
Deep learning systems on phones, cars, and other edge devices increasingly run on custom silicon. Specialized chips such as FPGAs and ASICs give these system...
By default, npm install will no longer execute scripts from dependencies, unless explicitly allowed. The post NPM 12 Will Change Script Execution Behavior to...
Other noteworthy stories that might have slipped under the radar: ICS device exposure remains flat as attack surface widens, Microsoft issues incident respon...
NPM, part of GitHub, announced a new version of the npm package manager with several security improvements, including disabling install scripts
ZeroFox launched ZeroFox AI Analytics, a new platform capability that gives security teams real-time visibility into the signals, patterns, and trends shapin...
Attackers registered roughly 1.5 million malicious domains during the first five months of 2026.
Data centers built for frontier AI draw hundreds of megawatts of electricity and large volumes of cooling water from fixed locations with known addresses. Ea...
A rapidly developing software supply chain attack known as Miasma is one of the latest to move from targeting Red Hat npm packages to infecting numerous Micr...
Cybercriminals are using TikTok and Instagram Reels videos to spread Vidar, an infostealer malware, through fake downloads for popular paid software, accordi...
It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit.
GitHub has announced a major security-focused overhaul of npm with the upcoming release of npm v12, introducing stricter default controls designed to mitigat...
Protect enterprise AI agents from supply chain risks by auditing third-party skills for hidden vulnerabilities and multi-stage attack chains. The post Trust ...
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software suppl...
See the business value of your intelligence program in one live, continuously updated dashboard, built for the conversations that matter most with the execut...