This Month in Cybersecurity - April Edition

WordPress Plugin Hack Spreads Hidden Malware to Thousands of Sites

A recent report from BleepingComputer explains that more than 30 widely used WordPress plugins were secretly tampered with to include malicious code, affecting thousands of websites. The plugins, part of a package called “EssentialPlugin,” had a hidden “backdoor” inserted as early as August 2025, but the harmful features were only activated recently through routine software updates. Once activated, the malware allowed outsiders to access affected websites and inject spam content, redirects, and fake pages without the site owners noticing.

The attack appears to be a supply-chain compromise, meaning the attackers didn’t hack individual websites directly but instead poisoned trusted software used by many sites. The malicious code quietly contacted external servers to download additional harmful instructions, even using advanced techniques like blockchain-based systems to avoid detection. It was designed to stay hidden: for example, it showed spam content only to search engines like Google, not to regular visitors, making the problem harder for site owners to detect.

In response, WordPress removed the compromised plugins and pushed out forced updates to stop the malicious activity. However, experts warn that simply updating may not fully fix infected sites, because some malware may remain hidden in core files. Website administrators are advised to thoroughly check their systems, remove affected plugins, and clean or restore their sites from backups to ensure they are fully secure.
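A practical way for a site owner to test for the cloaking behaviour described above (spam served only to search-engine crawlers) is to fetch the same page twice, once as a browser and once as a crawler, and diff what comes back. This Python check is an added example, not code from the article or the report it summarises; the HTML samples are constructed, and only the Googlebot User-Agent string is a real value.

```python
import urllib.request
from html.parser import HTMLParser

# Public crawler identity used for the second fetch (real Googlebot token).
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

# Constructed samples: the page a browser receives vs. the page served to a crawler.
NORMAL_HTML = """<html><body>
<h1>Acme Bakery</h1><p>Fresh bread daily.</p>
<a href="/menu">Menu</a> <a href="/contact">Contact</a>
</body></html>"""

CRAWLER_HTML = """<html><body>
<h1>Acme Bakery</h1><p>Fresh bread daily.</p>
<a href="/menu">Menu</a> <a href="/contact">Contact</a>
<div style="display:none"><a href="http://spam.example/pills">cheap pills</a>
<a href="http://spam.example/casino">online casino</a></div>
</body></html>"""

class LinkTextExtractor(HTMLParser):
    """Collects href targets and visible words from an HTML document."""
    def __init__(self):
        super().__init__()
        self.links, self.words = set(), set()
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.update(v for k, v in attrs if k == "href" and v)
    def handle_data(self, data):
        self.words.update(data.split())

def extract(html):
    parser = LinkTextExtractor()
    parser.feed(html)
    return parser.links, parser.words

def compare_views(normal_html, crawler_html):
    """Links and words served only to the crawler identity; anything here is
    a cloaking indicator that deserves a manual look at the site's files."""
    n_links, n_words = extract(normal_html)
    c_links, c_words = extract(crawler_html)
    return {"extra_links": sorted(c_links - n_links),
            "extra_words": sorted(c_words - n_words)}

def fetch_as(url, user_agent, timeout=10):
    """Fetch url presenting the given User-Agent; needs network access."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")
```

Against a live site you own, pass `fetch_as(url, "Mozilla/5.0")` and `fetch_as(url, GOOGLEBOT_UA)` to `compare_views`; a non-empty result does not prove infection on its own, but it is exactly the symptom the report describes and a reason to inspect plugin and core files.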


CISA Flags Actively Exploited Microsoft Excel and SharePoint Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged two Microsoft security flaws, one in Excel and one in SharePoint, as actively being exploited by hackers. The Excel issue affects older versions and can be triggered simply by opening a malicious file, potentially giving attackers control of a system. The SharePoint vulnerability, which impacts a platform widely used for document sharing within organizations, could allow unauthorized access to sensitive data or systems.

Because these flaws are already being exploited, federal agencies are required to fix them with a deadline set for late April 2026. The situation highlights how unpatched software, even older issues, can still pose serious risks, reinforcing the importance of keeping systems up to date to protect against cyberattacks.


Project Glasswing and Mythos AI: Early AI Vulnerability Findings

Anthropic recently introduced a powerful new AI model called Mythos, claiming it can find serious software vulnerabilities so effectively that releasing it widely could cause major disruption. Instead, the company launched a limited testing program called Project Glasswing, where around 50 major organizations, including Google and Microsoft, can use the tool to uncover and fix security flaws in their own systems before attackers can exploit them.

Despite these bold claims, it’s still unclear how much the project has discovered. A researcher reviewed a large database of known security issues and found about 40 vulnerabilities linked to Anthropic researchers, but there’s no clear proof that these were all found through Project Glasswing. Many of the issues affected widely used software like the Mozilla Firefox browser and common security libraries, but the connection to the new AI system remains uncertain.

So far, only one specific vulnerability has been publicly tied to the project: a serious flaw in the FreeBSD operating system that could allow attackers to take full control of a machine. Anthropic has suggested its AI has found other long-standing bugs as well, some decades old, but details are limited. A more complete picture of the project’s real impact is expected when a full report is released later in 2026.


Defensible Strategies

Learn from those who have been attacked

Q1 2026 Cyber Threat Landscape: Rising Attacks on U.S. Public Sector

The first quarter of 2026 shows a sharp escalation in cyber threats facing U.S. government agencies and schools. Attacks are coming from a mix of nation-state actors, criminal ransomware groups, and increasingly automated systems powered by artificial intelligence. Many incidents are highly targeted, including espionage-style operations against government communications and large-scale ransomware campaigns affecting public services.

A major development is the continued activity of China-linked groups targeting U.S. government and telecommunications systems. One group, Salt Typhoon, has reportedly gained long-term access to sensitive communications, including congressional staff emails tied to national security work. At the same time, state agencies in places like Illinois and Minnesota experienced data exposures caused by configuration mistakes and weak access controls, while law enforcement in Alaska was disrupted through a third-party vendor compromise.

The education sector and critical infrastructure remain especially vulnerable. Schools continue to suffer ransomware attacks and large-scale data breaches due to limited resources and outdated systems. Meanwhile, ransomware groups are increasingly using AI tools to automate parts of their attacks, making them faster and harder to defend against. Across all sectors, attackers are also actively exploiting known security flaws in widely used software, underscoring the importance of rapid patching and stronger system configuration practices.


Microsoft Rewards Researchers $2.3M for Cloud and AI Vulnerability Findings

Microsoft awarded $2.3 million in rewards to security researchers who found software vulnerabilities during its 2026 “Zero Day Quest” hacking competition. The event drew nearly 700 submissions from participants around the world, including students, professors, and professional security researchers, all testing Microsoft systems in controlled environments. More than 80 of the issues discovered were considered high-impact, especially in cloud computing and artificial intelligence systems.

The competition was held at Microsoft’s Redmond campus and focused on finding serious security weaknesses such as credential exposure, flaws that could allow unauthorized data access between cloud customers, and weaknesses involving web service communication. All testing was done under strict rules to ensure no real customer data or systems were harmed during the process.

The Zero Day Quest is part of Microsoft’s broader Secure Future Initiative, which aims to strengthen the company’s security practices after earlier criticism of its cybersecurity culture. Microsoft has significantly expanded its bug bounty programs in recent years, paying millions of dollars to researchers worldwide, and plans to continue publicly sharing important security findings to help improve the safety of its cloud and AI services.


Russia-Linked Hackers Exploit Old Routers to Steal Microsoft Login Tokens

Hackers linked to Russia’s military intelligence service (GRU), tracked as “Forest Blizzard” (also known as APT28 or Fancy Bear), have been using weaknesses in older, poorly updated Internet routers to spy on users at large scale. Instead of installing traditional malware, they exploited known security flaws in small office/home routers to change their network settings and secretly redirect internet traffic. This allowed them to target organizations such as government agencies and email providers while avoiding more obvious signs of intrusion.

By hijacking router DNS settings, the attackers were able to reroute users’ login traffic through systems they controlled, letting them capture Microsoft Office authentication tokens. These tokens are especially valuable because they can provide access to accounts even after users complete multi-factor authentication, meaning attackers often don’t need passwords or verification codes. At its peak, the campaign affected more than 18,000 networks and at least 5,000 individual devices, most of them outdated or no longer receiving security updates.

Security researchers say the operation shows how effective “low-tech” attacks on outdated infrastructure can be, especially when attackers adapt quickly to defensive warnings. After previous reports exposed similar activity, the group reportedly changed tactics to expand the scale of their router hijacking. Experts warn that aging consumer and small business routers remain a major security risk because they are often unpatched but still connected to critical networks.