Backdoor plugin hijacks WordPress sites with admin access, stealth reinfection, and JS ad fraud—active since Jan 2025.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

Cybersecurity researchers have uncovered a malicious campaign targeting WordPress sites using a fake security plugin, `WP-antymalwary-bot.php`, which grants attackers admin access and enables stealth reinfection and JavaScript ad fraud. The plugin camouflages itself while pinging to a command-and-control server, spreading malware, and injecting ads. Known variants include `addons.php` and `wpconsole.php`. The malware's rise since January 2025 suggests Russian involvement. Other incidents include fake font domains for card skimming and deceptive CAPTCHA verifications leading to Node.js-based backdoors, attributed to the Kongtuke traffic distribution system.

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

<p>Hackers getting smart these days XD</p>
<p>Honestly, with WordPress people might just think “it’s a bug”, because I have literally seen scenarios where important APIs get disabled just cuz someone changed the theme</p>
