WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.
SecurityWeek

Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk

Six Microsoft 365 Android apps contain an identical flaw that could risk billions of downloads being compromised. The ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Morning Overview on MSN

CISA just added two Microsoft Defender flaws to the actively exploited list — every federal agency ordered to patch CVE-2026-41091 and CVE-2026-45498 by Wednesday

Every federal civilian agency running Microsoft Defender now faces a two-week countdown to fix two actively exploited security flaws. CISA added CVE-2026-41091 and CVE-2026-45498 to its Known ...