Built with Fnatic and powered by LG’s latest tandem OLED technology, Sony’s new INZONE M10S II redefines what a competitive gaming monitor can look, feel, and perform like.
Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites
Dozens of plug-ins for the widely used open source web blogging software WordPress are now offline after a backdoor was discovered in them, used to push malicious code to any website that relied on the plug-ins. The backdoor was discovered after a new corporate owner bought these plug-ins.
Anchor Hosting founder Austin Ginder sounded the alarm in a blog post last week describing a supply chain attack on a WordPress plug-in maker called Essential Plugin. Ginder said someone last year bought Essential Plugin and the backdoor was soon added to the plug-ins’ source code. The backdoor sat dormant until earlier this month when it activated and began distributing malicious code to any website with the plug-ins installed.
Essential Plugin says on its website that it has over 400,000 plug-in installs and more than 15,000 customers. WordPress’ plug-in install page says the affected plug-ins are in over 20,000 active WordPress installations.
Plug-ins allow owners of WordPress-based websites to extend the site’s functionality, but in doing so grant the plug-ins access to their installations, which can open these websites to malicious extensions and potential compromise. But Ginder warned that WordPress users are not notified of any plug-ins’ change in ownership, exposing users to potential takeover attacks by their new owners.
According to Ginder, this is the second hijack of a WordPress plug-in discovered in as many weeks. Security researchers have long warned of the risks of malicious actors buying software and changing its code in order to compromise a large number of computers around the world.
While the plug-ins have been removed from WordPress’ directory and now list their closure as “permanent,” Ginder warned that WordPress owners should check if they still have one of the malicious plug-ins installed and remove it. Ginder has a list of the affected plug-ins in the blog post.
Representatives for Essential Plug-in did not respond to a request for comment.
Claude Cowork is evolving into collaborative workplace infrastructure
Anthropic is advancing Claude Cowork beyond its preview stage with enterprise controls, analytics, and connector governance, indicating its desire for the product to be utilized across operations, finance, marketing, and legal, rather than confined to technical teams.
I appreciate what Framework is offering, but it must come through.
Framework hints at an upcoming hardware event highlighting open computing and user autonomy.
The intelligent home was meant to be accessible, yet it is turning into a toll plaza
The intelligent home has pledged effortless convenience. What it progressively provides is a refined system of control, where displays, audio devices, and control panels dictate what is visible, what is utilized, and what continues to power up after the equipment has already been purchased.
Dune 3 is arriving earlier than its filmmaker initially intended.
Director Denis Villeneuve mentions that he plans to produce Dune 3 much earlier than he initially anticipated.
You Inquired: Sony’s significant action has enthusiasts concerned, along with anti-reflective in a dimly lit space
Sony’s recent collaboration with TCL has audiences pondering the implications for quality, cost, and even privacy. We analyze what is truly transforming, if a new QD-OLED will be released this year, and evaluate anti-glare screens in a dimly lit environment.
Apple’s foldable iPhone could avoid a setback, after all
A release that Apple would preferably not overlook.
Apple’s AI eyewear will explore a variety of styles and hues
It’s all concerning the appearance.
Rockstar was breached once more, yet claims itâs not a major issue
Rockstar acknowledges a data breach associated with the hackers ShinyHunters, but states that it does not affect players, even with ransom threats and possible internal data leaks.