The Next Web

A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using it

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...

Did 19-year-old Nisarga Adhikary hack CBSE OSM portal? Claims, counterclaims explained

Nisarga Adhikary claimed he had hacked the CBSE website and identified serious lapses in the agency's On Screen Marking (OSM) ...
The Business Journals

UF unveils initial rendering of first academic building of Jax campus

To continue reading this content, please enable JavaScript in your browser settings and refresh this page. Preview this article 1 min The release comes after Edgemoor ...
The Business Journals

Denver software company acquires another business, plans hiring

To continue reading this content, please enable JavaScript in your browser settings and refresh this page. Preview this article 1 min “We would like to create an ...
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish ...
Searchenginejournal.com

Ask An SEO: Can AI Systems & LLMs Render JavaScript To Read ‘Hidden’ Content?

For this week’s Ask An SEO, a reader asked: “Is there any difference between how AI systems handle JavaScript-rendered or interactively hidden content compared to traditional Google indexing? What ...
Dark Reading

Attackers Can Use QR Codes to Bypass Browser Isolation

Security researchers have found a way to bypass three types of browser isolation, which would allow a cyberattacker to send malicious data to a remote device by using QR codes. Researchers from ...
Bleeping Computer

New phishing toolkit uses PWAs to steal login credentials

A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms to steal credentials. A PWA is a web ...