The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...
The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.
Decrypt

AI Agents Still Can't Stop Prompt Injection Attacks, Researchers Warn

A new benchmark study found AI agents remain vulnerable to prompt injection attacks as companies increasingly roll out the ...

WebMCP Can Be Used To Hijack AI Agents, Chrome Warns

Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust.

Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts

A joint congressional report describes a spam operation that turned tens of thousands of fake podcasts into search-engine ...