Friday 26 June 2026 09:37:54 GMT+02:00

Netcrook

HomeManifesto
News
Corporate Security IncidentsCloud, SaaS & Identity SecurityIndustrial Cybersecurity & Critical InfrastructureCyber Intelligence, TrendsAI Security & Agentic SystemsCyber Intelligence & Threat TrendsCyber WarfareCyber Warfare & Nation-State OperationsCyber CriminalityBreaches & Data LeaksCybercrimeMalware & BotnetsRansomware & ExtortionSecurity Awareness & Social EngineeringLegal PolicyLegal, Policy & Government CybersecurityPrivacy, Regulation & ComplianceTechnology, InnovationTechnology, Innovation & Digital InfrastructureVulnerabilities Patch ManagementResearch, Exploits & Offensive SecurityVulnerabilities & Patch Management
Techcrook
Tutte le tecnologieIdentita e accessoFirewall e reteBackup e archiviazioneEnergia e continuitaPrivacy e sicurezza fisicaLaboratorio e prototipazioneStampa e tracciabilitaTecnologia quotidiana
Geocrook
AfricaAsiaEuropeMiddle EastNorth AmericaOceaniaSouth America
WikicrookTeamAppContact
EnglishItalianoArabic

#WordPress plugins

When the Vendor Update Turns Hostile: ShapedPlugin and the WordPress Trust Trap

18 June 2026 19:17Malware & BotnetsNEXUSGUARDIAN

A reported compromise of a plugin vendor’s update channel shows how routine maintenance can become a malware delivery path when the distribution layer itself is tampered with.

#ShapedPlugin | #WordPress plugins | #supply chain

When a Premium WordPress Plugin Becomes the Trojan Horse

18 June 2026 02:16Malware & BotnetsAsia / BangladeshNEXUSGUARDIAN

A reported backdoor in paid ShapedPlugin add-ons shows how a trusted update path can turn routine maintenance into a supply-chain risk.

#WordPress | #ShapedPlugin | #backdoor

When a Trusted Plugin Becomes the Weak Link

16 June 2026 12:51Vulnerabilities & Patch ManagementNorth America / USANEONPALADIN

A reported issue around OptinMonster and related WordPress tools highlights how one tainted delivery path can create a broad trust problem for site owners.

#OptinMonster | #WordPress plugins | #supply chain attack

One Tampered Script, Many Silent Victims: The WordPress Supply-Chain Trap

16 June 2026 12:38Vulnerabilities & Patch ManagementNorth America / USADEEPAUDIT

A trusted marketing embed became the weak link, showing how one upstream JavaScript change can put huge numbers of WordPress sites at risk without touching them one by one.

#OptinMonster | #supply-chain attack | #WordPress plugins

Thousands of WordPress Plugin Bugs Put the Extension Layer Back Under the Microscope

06 June 2026 04:07Vulnerabilities & Patch ManagementNorth America / USADEEPAUDIT

A quarterly vulnerability count for WordPress plugins points to a familiar security pattern: third-party code keeps widening the attack surface, with XSS and SQL Injection among the issues drawing attention.

#WordPress plugins | #XSS | #SQL Injection