惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
宝玉的分享
宝玉的分享
酷 壳 – CoolShell
酷 壳 – CoolShell
T
The Exploit Database - CXSecurity.com
Help Net Security
Help Net Security
腾讯CDC
Project Zero
Project Zero
C
CXSECURITY Database RSS Feed - CXSecurity.com
IT之家
IT之家
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tailwind CSS Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
LINUX DO - 最新话题
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Threatpost
N
News | PayPal Newsroom
C
Cybersecurity and Infrastructure Security Agency CISA
Hacker News - Newest:
Hacker News - Newest: "LLM"
S
SegmentFault 最新的问题
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
P
Proofpoint News Feed
A
Arctic Wolf
B
Blog RSS Feed
Forbes - Security
Forbes - Security
P
Privacy & Cybersecurity Law Blog
Attack and Defense Labs
Attack and Defense Labs
V2EX - 技术
V2EX - 技术
P
Proofpoint News Feed
I
Intezer
Application and Cybersecurity Blog
Application and Cybersecurity Blog
阮一峰的网络日志
阮一峰的网络日志
aimingoo的专栏
aimingoo的专栏
T
Tenable Blog
MyScale Blog
MyScale Blog
U
Unit 42
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
WordPress大学
WordPress大学
W
WeLiveSecurity
D
DataBreaches.Net
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
GRAHAM CLULEY
有赞技术团队
有赞技术团队
Martin Fowler
Martin Fowler
罗磊的独立博客
The Last Watchdog
The Last Watchdog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
Vulnerabilities – Threatpost
美团技术团队
Microsoft Security Blog
Microsoft Security Blog

TechSpot

Flagship Rematch: Ryzen 7 5800X3D vs. Core i9-12900K Typing with your brain might soon be as simple as wearing a beanie Slack chats and internal data from failed startups are finding a second life in AI training A $5 Bluetooth tracker hidden in a postcard exposed a warship's movements Leakers claim PlayStation 6 could offer at least 3x the performance of the PS5 The Mac Mini is no longer a niche product, it's local AI infrastructure IPv6 traffic reaches parity with IPv4 for the first time, Google data shows Xbox expansion cards are now cheaper than SSDs, and PC users are repurposing them Blue Origin prepares to reuse New Glenn booster in bid to challenge SpaceX Nvidia could bring back the 12GB RTX 3060 as supply issues disrupt GPU roadmap What was the first OS you ever used? SNK revives NeoGeo AES with modern upgrades and HDMI support Valve's Proton 11 beta boosts Linux gaming with better performance and classic game support Researchers warn Microsoft Defender vulnerability is already being exploited A four-day Steam freebie turned into $250,000 for an indie game AMD may relaunch Ryzen 7 5800X3D for AM4's 10th anniversary This humanoid robot can almost run as fast as a human sprinter Two New Jersey men jailed for helping North Korean IT workers infiltrate 100+ companies A $7,000 DIY radar project is taking on hardware that usually costs over $100,000 Metro 2039 is going darker than ever, launching this winter on PC and consoles Gemini arrives on macOS with a dedicated desktop app AI infrastructure boom pushes AMD, Intel and Arm to new valuation heights New self-healing material can repair itself over 1,000 times, extend the lifespan of cars and aircraft Japan's bullet train to debut high-tech private cabins, for an added fee Memory card and flash drive pricing surges 120%, with some models spiking 260% Open-source tool decrypts all private data collected by Windows Recall on Copilot PCs The 2026 PC and Console Gaming Report shows most revenue now comes from games outside the Top 20 PureMac is a new open-source macOS cleanup and app removal tool Your Airbnb host might actually be AI Steam might soon display 30-day price history for game deals Intel brings 18A process to budget laptops with new Core Series 3 CPUs How Intel Got Into Trouble: We Test the Last Decade of Intel Flagship CPUs Microsoft counters MacBook Neo with free Game Pass and Office bundle on Windows laptops Spotify launches physical book sales, expands audiobook features Intel Nova Lake-S is coming after Ryzen APUs with a 16-core iGPU for gamers on a budget Alienware launches $350 QD-OLED monitor with lower brightness to cut costs Recordly brings Screen Studio-style recordings to a free, open-source app Meta doubles down on custom AI chips with Broadcom deal through 2029 Someone finally got an RTX 5090 running on a Mac – no hacks required Will AI agents need to buy their own software licenses? Microsoft sure hopes so Duolingo stops evaluating workers based on how much AI they use Nvidia warranty payouts surged 1,000% last year, not that they can't afford it Nvidia says it's not buying a PC maker, but the idea didn't seem crazy Netgear becomes first router brand exempt from FCC foreign-made ban Google adds Rust to Pixel 10 modem to block attacks at one of Android's weakest points Clicking "reject cookies" might not actually do anything DaVinci Resolve 21 beta adds photo editing and deeper AI integration Malware campaign lures users with fake Windows Update website Apple is testing four smart glasses designs as it prepares to challenge Meta Ray-Bans Amazon purchases Globalstar for $11.6B to expand its low Earth orbit satellite network Capcom's Pragmata earns strong early reviews ahead of release Microsoft is removing 32GB size limit for FAT32 volumes, this time for real Missouri town ousts half of its city council after $6 billion AI data center approval External GPUs were always second best. CopprLink may change that Google will demote websites that hijack your browser's back button Japan finds a way to recover 90% of lithium from old EV batteries Man who vandalized Sam Altman's home claimed AI would end humanity, charged with attempted murder New terahertz technique lets engineers see inside running processors in real time Microsoft just made its Surface laptops a lot more expensive Shipping records suggest Valve will launch the Steam Controller before the Steam Machine This 3D-printed 15-fan side panel drops CPU temps by 20 degrees Rockstar Games hit with ransom demand after third-party data breach Blu-ray lives on as Verbatim and I-O Data pledge support with new drives and discs The software that landed Apollo 11 on the moon is now free online Metal Gear Solid movie is back on track with new directors Anti-data center vote in Wisconsin puts future AI projects on notice Mozilla says Microsoft is using Copilot and Edge to tighten its grip on Windows Gmail encryption goes mobile, but email itself remains the weak link France starts moving government systems from Windows to Linux xAI sues Colorado over AI law, calling it a threat to free speech Florida launches probe into OpenAI as company eyes massive IPO South Korea moves to curb the meteoritic rise of DRAM and PC hardware prices Keychron shares 3D keyboard blueprints on GitHub, opening hardware to modders Nvidia's mythical N1 SoC surfaces on a real motherboard, and it's packing 128GB of LPDDR5X Tesla is working on a smaller, cheaper electric SUV DDR5 prices drop nearly 30%, but memory costs are still far from normal Amazon laid off 30,000 workers while CEO Andy Jassy got a 30% pay bump FBI recovers "deleted" Signal messages through iPhone notifications PC market posts modest growth in early 2026 despite memory shortages and economic strain TikTok star Khaby Lame's $975 million deal is raising serious red flags VeraCrypt, WireGuard among projects disrupted by Microsoft account suspensions Microsoft OneDrive users report mysterious spam files that won't go away Intel tops $300 billion market cap for the first time since the dot-com boom The cables powering the internet are under the ocean – and under threat A version of Windows 10 released a decade ago is now eligible for additional security patches Iran-linked hackers are now targeting industrial controllers in US infrastructure Hackers are turning home routers into tools to spy on Microsoft 365 users A weird macOS bug is blocking new network connections after 49 days of uptime NIH study identifies experimental opioid with strong pain relief and lower addiction risk SanDisk's new 2TB SD card costs $2,000, and it's not even the fastest option Ohio man pleads guilty in first case under federal law banning AI deepfakes John Deere will pay $99 million in right-to-repair lawsuit, but admits nothing Tech layoffs are piling up: 80,000 jobs cut in early 2026, and AI is getting the blame Greece to ban social media for children under 15 starting next year New report revives theory that cryptographer Adam Back could be Bitcoin creator Satoshi Nakamoto Anthropic just lost another round in its fight with the Pentagon Some Windows 3.1 apps were simply "too evil" for Windows 95 to support, says Microsoft veteran AMD confirms Ryzen 9 9950X3D2 priced at $899 German police identify REvil and GandCrab mastermind now living in Russia After Wi-Fi 7's Speed Push, Wi-Fi 8 Is Turning to Reliability
Popular WordPress plugins backdoored after ownership change, putting thousands of websites at risk
Alfonso Maruccia · 2026-04-16 · via TechSpot

Serving tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.

A hot potato: WordPress plugins can significantly expand the native capabilities of the popular content management system, but they can also become a double edged sword. When malicious code finds its way into a widely used plugin ecosystem, the consequences can run amok fast and in unpredictable ways.

A popular brand of WordPress plugins was recently weaponized to download and spread malicious code. The new, potentially massive supply chain attack was unveiled by Austin Ginder, a WordPress developer and founder of the WP hosting service Anchor. The entrepreneur found that the threat was already affecting some Anchor customers, abusing a clever trick to keep C2 communications safe from easy takedown attempts.

Ginder's investigation began when an Anchor customer received an alert from the WordPress.org plugin team. The alert warned that a plugin named Countdown Timer Ultimate (CTU) contained potentially malicious code, including a backdoor that could be abused by a third party to gain unauthorized access to a WordPress website.

The plugin was part of a larger series developed by "Essential Plugin," an Indian brand that was recently acquired by an unknown party operating in the crypto and gambling business.

The CTU plugin was part of a larger plugin series developed by Essential Plugin (EP), an India based brand that was recently acquired by an unknown party operating in the crypto and gambling business. Soon after purchasing the roughly 30 plugins created by EP, the new owner added a backdoor to the codebases in their very first SVN commit.

The new owner added a backdoor to the codebases in their very first SVN commit.

The backdoor has been tracked and was added eight months ago, but it only received its first malware injection on April 6, 2026. The injected code contained some sophisticated payloads within a large block of PHP hidden inside wp-config.php, one of the central configuration files in a WordPress installation. The malware was designed to fetch spam links, trigger URL redirects, and generate fake pages.

The code responsible for checking for new instructions from the criminals' command and control server hid the server's domain inside an Ethereum smart contract. The attacker could update the smart contract with a new C2 domain at any time, making domain takedown attempts largely impractical.

After being warned about the issue, the WordPress.org plugin team removed all 30 or so plugins developed under the original EP brand. Ginder has provided a list of the plugins confirmed to be affected by the backdoor code, allowing WP admins to check whether their websites may now be at risk.

Ginder warns that this is the second instance of a malicious party taking over popular WordPress plugins to pursue malicious goals. The first case occurred in 2017 and affected a single plugin installed on 200,000 websites. The EP case operates at a much larger scale, with hundreds of thousands of potentially vulnerable WP sites.

The WordPress plugin marketplace is notorious for its ongoing security and trust issues. Right now, the WP team has no reliable system to flag plugins that have changed hands without site owners knowing. Things are unlikely to improve anytime soon before WordPress and WP Engine resolve their legal issues.