WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.
Infosecurity Magazine

PureLogs Variant Steals Data via Purchase Order Lures

The PureLogs module targeted a wide range of browsers, including Google Chrome, Microsoft Edge, Brave, Opera, Yandex Browser, ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
SecurityWeek

GlassWorm Botnet Disrupted

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.
InfoQ

Java News Roundup: OpenJDK JEPs, Hazelcast, Quarkus, Hibernate, Koog, JHipster, Introducing ...

A monthly overview of things you need to know as an architect or aspiring architect.
Cryptopolitan on MSN

North Korea’s Lazarus turns to fileless malware in new crypto attacks

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and ...
Security Boulevard

Attackers adopt JavaScript runtime Bun to spread NWHStealer

The post Attackers adopt JavaScript runtime Bun to spread NWHStealer appeared first on Malwarebytes. In our previous research, we analyzed a Windows infostealer we track as NWHStealer. The attackers ...
CSO Online

Internet Explorer may be dead, but its ghost still runs malware

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...
C&EN

DNA-Encoded Library Hit Confirmation: Bridging the Gap Between On-DNA and Off-DNA Chemistry

Encoded Library Technologies/NCE Molecular Discovery, R&D Medicinal Science and Technology, GlaxoSmithKline, 200 Cambridge Park Drive, Cambridge, Massachusetts 02140, United States ...