The Next Web

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.
SecurityWeek

15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown

Authorities announced taking down 106 SocGholish botnet C&C servers and domains, and cleaning up 15,000 WordPress websites.
Infosecurity Magazine

Attackers Hijack Popular WordPress Plugins to Deploy Backdoors

Attackers have hijacked the code behind several popular WordPress plugins to plant hidden backdoors and rogue administrator ...
InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...

Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.
U.S. News & World Report

7 High-Yield Covered Call ETFs Income Investors Will Love

The history of covered call exchange-traded funds, or ETFs, in the U.S. can largely be traced back to the launch of the Invesco S&P 500 BuyWrite ETF (ticker: PBP) in December 2007. The fund was ...
Morning Call PA

The Morning Call

Thanks to an infusion of federal funds, Mack Defense will continue producing heavy dump trucks in Allentown.