More than 40,000 WordPress sites affected by malware flaw

A vulnerability in a popular WordPress quiz plugin has impacted over 40,000 sites, allowing potential SQL injection attacks. Security researchers have identified the flaw, urging site owners to check for exposure. The issue was reported on February 4, 2026.

The cybersecurity community has raised alarms over a newly discovered malware flaw targeting WordPress sites. According to reports, more than 40,000 installations are at risk due to a vulnerability in a widely used quiz plugin. This plugin, which enables interactive quizzes on websites, contains a weakness that can be exploited for SQL injection attacks.

SQL injection is a common attack technique in which attackers insert malicious SQL code into a database query, potentially stealing data or disrupting site functions. The flaw's discovery highlights ongoing challenges in securing content management systems like WordPress, which powers a significant portion of the web.

Site administrators are advised to review their plugins and apply any available updates or patches immediately. While specific details on the plugin's name were not disclosed in initial reports, the scale of the affected sites underscores the urgency of the situation. TechRadar published the findings on February 4, 2026, emphasizing the need for users to verify if their sites are compromised.

This incident serves as a reminder of the importance of regular security audits for WordPress users. No further details on exploitation or mitigation steps were provided in the initial alert, but experts recommend monitoring for unusual activity.
