70% of WordPress Sites Running Outdated PHP Versions, Leaving Millions Exposed

70% of WordPress Sites Running Outdated PHP Versions, Leaving Millions Exposed

A recent analysis of publicly accessible WordPress installations has revealed a startling reality: a large majority of sites are running PHP versions that are no longer supported, creating a widespread and avoidable security risk. While WordPress itself issues regular updates, the underlying server-side language many sites rely on—PHP—has lagged behind in adoption. The result is an ecosystem where millions of

Photo ZIP Campaign Targets Hospitality Industry with Node.js Implant for Persistent Access

Photo ZIP Campaign Targets Hospitality Industry with Node.js Implant for Persistent Access

Microsoft Threat Intelligence has identified an active, multi-stage intrusion campaign that has targeted organizations in the hospitality and hotel industry since April 2026. Attackers delivered browser-downloaded photo-themed ZIP archives that contained executable shortcut files disguised as images. When opened, these shortcuts kicked off an obfuscated PowerShell chain that fetched a Node.js–based implant, established dual registry persistence, and initiated command-and-control (C2)

How the Google Gemini CLI Flaw Turned CI/CD Pipelines into Remote Code Execution Risk

How the Google Gemini CLI Flaw Turned CI/CD Pipelines into Remote Code Execution Risk

A critical remote code execution (RCE) vulnerability in the Google Gemini CLI and its associated GitHub Action exposed a startling weakness in how AI tooling can interact with developer infrastructure. Rated with the maximum CVSS score of 10.0, the bug allowed unprivileged external actors to execute commands on the machines running CI/CD workflows. This wasn’t a prompt-injection trick against a

Bitwarden CLI Compromised in Supply Chain Attack via GitHub Actions

Bitwarden CLI Compromised in Supply Chain Attack via GitHub Actions

Socket and other researchers have confirmed that the Bitwarden CLI package published to npm — @bitwarden/cli version 2026.4.0 — was compromised in a supply chain attack that abused a GitHub Action in Bitwarden’s CI/CD pipeline. The malicious release injected a file named bw1.js into the package, exposing tokens, cloud credentials, SSH keys and other sensitive artifacts. While Bitwarden’s Chrome extension,

How a Flippa Purchase Turned 30+ “Essential Plugin” WordPress Plugins into Backdoor Bait

How a Flippa Purchase Turned 30+ “Essential Plugin” WordPress Plugins into Backdoor Bait

Last week I encountered a supply-chain incident that felt eerily familiar but much larger in scale. A client’s dashboard had started showing a warning from the WordPress.org Plugins Team about a plugin serving code that could permit unauthorized access. A deeper dive revealed an attacker had quietly weaponized an entire portfolio of plugins—planting a backdoor that lay dormant for months

Critical Flaw in User Registration Membership Plugin (CVE-2026-1492) Lets Attackers Bypass WordPress Authentication

Critical Flaw in User Registration Membership Plugin (CVE-2026-1492) Lets Attackers Bypass WordPress Authentication

A newly disclosed vulnerability in a popular WordPress plugin can allow attackers to log in as administrators without a username or password. Tracked as CVE-2026-1492 and carrying a CVSS v4.0 score of 9.8, the flaw affects all versions of the User Registration Membership plugin up through 5.1.2. The issue was documented in early March 2026 by CYFIRMA researchers and represents