Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

Dozens of WordPress plug-ins were allegedly hijacked to push malware after they were sold to a new corporate owner.

Cloudflare made a WordPress for AI agents

It announced a new open-source system, called EmDash, that’s supposed to address the “core problems that WordPress cannot ...
The Hacker News

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

GlassWorm uses a fake WakaTime VS Code extension to infect IDEs, deploy RATs, and steal data, prompting urgent credential ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...

Bluesky users are mastering the fine art of blaming everything on “vibe coding”

Bluesky CTO Paul Frazee later joined in with a (perhaps joking) reply to Johnson saying, “I vibecode at least as much.” Later ...