The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Telegraph Herald

Federal government seeks to halt Illinois city's reparations program for Black people

The federal government on Tuesday asked a judge to halt the United States’ first reparations program that offered Black ...

Cone Health files for $320M hospital in Forsyth County amid territorial battle

It comes two years after a settlement with Atrium Health Wake Forest Baptist. Leaders in Diversity 2026 Join us to celebrate ...
InfoWorld

10 tips for getting better R code from your AI coding agent

With the proper setup and guidance, you can have Claude Code, Codex, Posit Assistant, and other coding agents writing R code ...

Epstein files include nearly 100 phone calls linked to Naples

In multiple phone logs included in the Epstein files, Naples appears as a destination city in entries from January to March 2005.

Louisville bath products company files for bankruptcy

Louisville-based Better Bath Better Body LLC filed for Chapter 11 bankruptcy protection as revenue declined and liabilities ...

State won't file charges against teacher accused of hitting student

Melanie Garcia, 21, was arrested May 15 accused of child abuse for an incident. A month later, prosecutors declined to file ...

WordPress Plugins: Supply Chain Attack Puts 1.2 Million Sites at Risk

In a supply chain attack, attackers install backdoors through the WordPress plugins OptinMonster, TrustPulse, and PushEngage.

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows ...