Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

WordPress adds an AI assistant

WordPress also added the AI assistant to the platform's team chat, Block Notes. You can summon the chatbot from within your team chat threads.
Priority Pixels

WordPress Under Pressure: Why Your Site’s Performance Is Secretly Tanking (And How to Fix It)

WordPress powers a significant share of the web, and for good reason. It is flexible, well supported and capable of handling everything from a simple brochure site to a full ecommerce platform. But ...
Bleeping Computer

Critical flaw in WordPress add-on for Elementor exploited in attacks

Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025–8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions ...
Morningstar

Moderne Expands Modernization Platform With First Type-Attributed JavaScript & TypeScript Refactoring

Lossless Semantic Tree code model now spans backend and frontend, giving enterprises one deterministic platform to modernize safely at scale. Moderne, the enterprise code modernization platform from ...
TechRadar

WordPress Foundation bid for greater trademark control halted, adding to more legal setbacks for CEO Matt Mullenweg

Unprotected.org successfully petitions USPTO against the application for Hosted WordPress and Managed WordPress However this is not an absolute denial for the trademarks Move leads some to call Matt ...
GitHub

The Add Admin JavaScript plugin for WordPress is...

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...
CSOonline

Formerly legitimate Polyfill.io domain abused to serve malicious code

A site formerly used to host a service geared towards adding JavaScript polyfills to web pages to ensure compatibility with older browsers is being abused to serve malicious scripts as part of a ...