More than 40,000 WordPress sites affected by malware flaw

A vulnerability in a popular WordPress quiz plugin has impacted over 40,000 sites, allowing potential SQL injection attacks. Security researchers have identified the flaw, urging site owners to check for exposure. The issue was reported on February 4, 2026.

The cybersecurity community has raised alarms over a newly discovered malware flaw targeting WordPress sites. According to reports, more than 40,000 installations are at risk due to a vulnerability in a widely used quiz plugin. This plugin, which enables interactive quizzes on websites, contains a weakness that can be exploited for SQL injection attacks.

SQL injection is a common attack technique in which attacker-controlled input is inserted into a database query and interpreted as SQL, potentially allowing data theft or disruption of site functions. The flaw's discovery highlights ongoing challenges in securing content management systems like WordPress, which powers a significant portion of the web.
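To make the mechanism concrete, the following added example (not code from the affected plugin, which the reports do not name) contrasts a query built by string concatenation with a parameterized one. It uses an in-memory SQLite database as a stand-in for a site database; the `quiz_results` table, the function names and the sample rows are all hypothetical. In WordPress plugin code the parameterized form corresponds to building the query with `$wpdb->prepare()`.

```python
import sqlite3

# Constructed request value: the quote characters change the query's structure
# when the value is pasted into SQL text.
HOSTILE_INPUT = "2' OR '1'='1"

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE quiz_results ("
               "id INTEGER PRIMARY KEY, quiz_id TEXT, email TEXT, score INTEGER)")
    db.executemany(
        "INSERT INTO quiz_results (quiz_id, email, score) VALUES (?, ?, ?)",
        [("1", "alice@example.test", 8),
         ("1", "bob@example.test", 5),
         ("2", "carol@example.test", 9)])
    return db

def results_vulnerable(db, quiz_id):
    # Vulnerable pattern: the request value becomes part of the SQL text,
    # so the database parses it as code rather than as data.
    sql = ("SELECT email, score FROM quiz_results "
           "WHERE quiz_id = '" + quiz_id + "' ORDER BY id")
    return db.execute(sql).fetchall()

def results_parameterized(db, quiz_id):
    # Hardened pattern: the SQL text is fixed and the value travels
    # separately as a bound parameter, so it is only ever compared as data.
    sql = "SELECT email, score FROM quiz_results WHERE quiz_id = ? ORDER BY id"
    return db.execute(sql, (quiz_id,)).fetchall()

def results_validated(db, quiz_id):
    # Defence in depth: reject anything that is not a plain numeric ID
    # before the query runs, then still use the bound parameter.
    if not (quiz_id.isascii() and quiz_id.isdigit()):
        raise ValueError("quiz_id must be numeric")
    return results_parameterized(db, quiz_id)

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", results_vulnerable(db, HOSTILE_INPUT))
    print("parameterized:", results_parameterized(db, HOSTILE_INPUT))
    print("legitimate   :", results_parameterized(db, "2"))
```

With the concatenated query the constructed input returns every row in the table, including other quizzes' e-mail addresses; with the bound parameter the same input matches nothing.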

Site administrators are advised to review their plugins and apply any available updates or patches immediately. While specific details on the plugin's name were not disclosed in initial reports, the scale of the affected sites underscores the urgency of the situation. TechRadar published the findings on February 4, 2026, emphasizing the need for users to verify if their sites are compromised.

This incident serves as a reminder of the importance of regular security audits for WordPress users. No further details on exploitation or mitigation steps were provided in the initial alert, but experts recommend monitoring for unusual activity.

