Last week I encountered a supply-chain incident that felt eerily familiar but much larger in scale. A client’s dashboard had started showing a warning from the WordPress.org Plugins Team about a plugin serving code that could permit unauthorized access. A deeper dive revealed an attacker had quietly weaponized an entire portfolio of plugins—planting a backdoor that lay dormant for months
Author: Saugata Datta
I’m an IT/DevOps professional with many years of hands-on experience across Windows, Linux, Automation, Backup and Cloud. I love building real-world automations to make infrastructure reliable, secure, and self-healing. Through this blog, I share practical learnings from enterprise projects and my home-lab experiments on Cloudflare, Self-Hosting and everything in between. Always tinkering, always improving.
Rockstar’s GTA Data Leak: ShinyHunters Expose 78.6M Records via Anodot–Snowflake Pivot
Rockstar Games confirmed in April 2026 that a third-party compromise led to a substantial exposure of analytics records tied to GTA Online and Red Dead Online. Although player accounts and payment systems were reportedly unaffected, the incident highlights how attackers are increasingly leveraging trusted SaaS integrations and stolen service tokens to pivot into high-value environments. This post unpacks the timeline,
Building an AI Coding Tool Stack for Modern Development
The past few years have quietly transformed how software is written. AI-assisted tools are no longer experimental add-ons; they’re becoming integral parts of developer workflows. But picking the right combination of models, integrations, and guardrails is more art than science. This article walks through a pragmatic approach to assembling an AI coding tool stack that improves productivity without sacrificing code
OpenAI Revokes macOS App Certificate After Axios Supply-Chain Compromise
OpenAI has publicly disclosed a supply‑chain incident that affected the signing workflow for its macOS applications and, out of caution, is revoking and rotating the certificate used to notarize those apps. The company’s investigation found that a GitHub Actions workflow used in the macOS signing process pulled a compromised release of the widely used npm library Axios (version 1.14.1). Although
Critical Flaw in User Registration Membership Plugin (CVE-2026-1492) Lets Attackers Bypass WordPress Authentication
A newly disclosed vulnerability in a popular WordPress plugin can allow attackers to log in as administrators without a username or password. Tracked as CVE-2026-1492 and carrying a CVSS v4.0 score of 9.8, the flaw affects all versions of the User Registration Membership plugin up through 5.1.2. The issue was documented in early March 2026 by CYFIRMA researchers and represents
Compromised Trust: CPUID Supply‑Chain Attack Served Trojanized CPU‑Z and HWMonitor Installers
Hackers briefly hijacked a CPUID distribution channel and altered download links on the vendor’s official website so that users seeking the popular CPU‑Z and HWMonitor utilities would instead receive a trojanized installer. The modification redirected downloads to Cloudflare R2 storage and delivered a malicious file masquerading as HWiNFO, exposing millions of users who rely on these tools for hardware diagnostics