Bleeping Computer

Hackers abuse WordPress MU-Plugins to hide malicious code

Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. The technique was first observed by security ...
Ars Technica

Researchers cause GitLab AI developer assistant to turn safe code malicious

Marketers promote AI-assisted developer tools as workhorses that are essential for today’s software engineer. Developer platform GitLab, for instance, claims its Duo chatbot can “instantly generate a ...
Bleeping Computer

Fake WhatsApp developer libraries hide destructive data-wiping code

Two malicious NPM packages posing as WhatsApp development tools have been discovered deploying destructive data-wiping code that recursively deletes files on a developer's computers. Two malicious NPM ...