The Magecart group is likely behind the most prolific card-stealing operation seen in the wild to date.

The issue impacts several content management systems, including Typo3 and WordPress, as well as widely-used PDF generation library TCPDF.

The bugs include a reflected cross-site scripting glitch and a cross-site request forgery vulnerability.

Drupal is giving developers ample time to prepare for an update that patches a “highly critical” flaw because exploits might be developed within hours or days of disclosure.

Researchers have found sneaky encoded malware targeting WordPress and Joomla sites that pretends to be ionCube files.

Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script.

Automattic has patched a reflected cross-site scripting vulnerability in the WooCommerce WordPress plugin.

Attackers have been carrying out WPSetup attacks, taking advantage of users who have installed WordPress but not yet configured it.

Some customers are irked it took GameStop months to inform them that their personal and financial information could have been compromised in a breach of GameStop.com that began in August 2016.

Researchers spotted a strain of cookie stealing malware, injected into a legitimate JavaScript file, masquerading as a WordPress core domain.