Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access

Why CTEM is the Winning Bet for CISOs in 2025

Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards

⚡ Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and More

New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors

Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites.
mu-plugins, short for must-use plugins, refers to plugins in a special directory ("wp-content/mu-plugins") that are automatically executed by WordPress without the need to enable them explicitly via the

Headline

Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images

The Hacker News: Latest News