MSN on MSN

Hackers are exploiting a maximum-severity bug in a WordPress form plugin on thousands of sites, running their own code with no login required

Thousands of WordPress sites running the Kali Forms plugin are exposed to attackers who can execute arbitrary code on web servers without ever logging in. The flaw, tracked as CVE-2026-3584, carries a ...
Bleeping Computer

Hackers target Microsoft Entra accounts in device code vishing attacks

Device code social engineering attacks BleepingComputer has learned from multiple sources that threat actors have begun using vishing social engineering attacks that no longer require ...