Popular WordPress redirect plugin hid dormant backdoor for years

Published on April 29, 2026

The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows injecting arbitrary code into users' sites. [...]

Continue reading on website
Other news

Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining

April 29, 2026
Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers' servers. [...]

Official SAP npm packages compromised to steal credentials

April 29, 2026
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers' systems. [...]