UNC5142 exploits blockchain smart contracts and WordPress flaws to deliver stealer malware worldwide.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

Threat actor UNC5142 exploits blockchain smart contracts on BNB Smart Chain to distribute information stealer malware through compromised WordPress sites. The attack uses a technique called EtherHiding to hide malicious code on public blockchains, making detection and takedown difficult. A multi-stage JavaScript downloader called CLEARSHORT leverages ClickFix social engineering to trick users into executing commands that install stealers like Atomic, Lumma, and Rhadamanthys on Windows and macOS systems. Google flagged approximately 14,000 infected web pages as of June 2025, though activity ceased in July. The attackers evolved their infrastructure from single to three-contract systems using a Router-Logic-Storage architecture, enabling rapid updates without modifying compromised websites.

Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites