Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers’ servers.

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials

The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows