WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...

CBSE Cybersecurity Put To The Test: 19-Year-Old Ethical Hacker Flags 'OSM Portal Flaws', Board Rejects Claims

CBSE says that a URL mentioned in social media posts on the 'hacking' incident was only a testing platform containing sample ...

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and ...
eWeek

‘ChatGPhish’ Attack Turns ChatGPT Summaries Into Phishing Lures

Permiso researchers found ChatGPhish, a prompt-injection issue that can cause ChatGPT summaries to display phishing links, ...

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
The Hacker News

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.
Morning Overview on MSN

Hackers just hid their phishing trap inside the Markdown links and images ChatGPT renders for you — turning the AI assistant itself into the attack channel

Ask ChatGPT to summarize a web page and you expect a tidy set of bullet points, maybe a helpful link or two. What you ...
Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...