WordPress malware uses Steam profile comments for command and control

The comments on some Steam Profiles are actually loaded with invisible malware.
Dark Reading

Swarms of Fake WordPress Plug-ins Infect Sites With Infostealers

Threat actors have taken a campaign that uses fake browser updates to spread malware to a new level, weaponizing scores of WordPress plug-ins to deliver malicious infostealing payloads, after using ...
Technical

Women/InTech: 50 women talk WordPress, JavaScript, startups

Spun out of a roundtable on sustaining a growth of female technologists, Baltimore’s first Women/InTech conference brought out some 50 women for an entry point into the technology community during ...
The Next Web

A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using it

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.
Ars Technica

Hundreds of WordPress sites infected by recently discovered backdoor

Malware that exploits unpatched vulnerabilities in 30 different WordPress plugins has infected hundreds if not thousands of sites and may have been in active use for years, according to a writeup ...
Searchenginejournal.com

Core Web Vitals: WordPress And Astro Versus Everyone Else

HTTP Archive’s latest Core Web Vitals Technology Report ranks seven content management platforms and offers the surprising insight that page weight and PageSpeed Insights Lighthouse scores do not ...