The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...
Blue Headlineq

Week in Cybersecurity: 338 New Vulnerabilities, 11 Critical (April 07 – April 14, 2026)

This week in cybersecurity: 338 new CVEs published including 11 critical severity. 9 vulnerabilities added to CISA KEV catalog. Plus major developments in AI security, supply chain attacks, and ...

Threat actor uses Microsoft Teams to deploy new “Snow” malware

A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a ...
Bleeping Computer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
GitHub

win-ad-PowerShell Active Directory module called from a non administrative host.yaml

description: Detects scenarios where an attacker attempts to load the Active Directory PowerShell module on a non administrative host in order to enumerate users, groups, ... Also note that no user ...
GitHub

win-ad-replication privilege granted (SecretDump, DCsync).yaml

requirements: auditing SACL "Modify permissions" must be placed on the root domain container (otherwise not visible) using the Active Directory console (https://www ...