The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...
SecurityWeek

SAP Patches Critical ABAP Vulnerability

SAP has released 19 new security notes on its April 2026 security patch day, including one that resolves a critical-severity ...
SecurityWeek

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet patched 27 vulnerabilities, including two critical FortiSandbox flaws leading to authentication bypass and code ...

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...
The Hacker News

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

Two Composer flaws (CVE-2026-40176, CVE-2026-40261) allow command execution via Perforce configurations, prompting urgent ...
CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...
The Hacker News

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Critical SAP, Adobe, Fortinet, and Microsoft flaws disclosed in April Patch Tuesday, enabling RCE and data theft risks.

Popular WordPress plugins backdoored after ownership change, putting thousands of websites at risk

A popular brand of WordPress plugins was recently weaponized to download and spread malicious code. The new, potentially ...

60,000 WordPress sites at risk due to plugin security flaw

Hackers can now take over WordPress sites instantly using a simple plugin flaw ...