CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their ...

WordPress 7.0 “Armstrong,” released May 20, 2026, arrived without the real-time collaborative editing feature that had been ...

Cloudflare created an open-source CMS it calls a "spiritual successor to WordPress" — but WordPress is having none of it. Cloudflare has unveiled EmDash, a new open-source content management system ...

WordPress’s publishing software can now run entirely in the web browser, the organization behind the open source publishing software announced on Wednesday. Through a new service called ...

An advisory was issued for a critical vulnerability rated 9.8/10 in the CleanTalk Antispam WordPress plugin, installed in over 200,000 websites. The vulnerability enables unauthenticated attackers to ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...

We’ve managed to enable the upcoming “My Calling Card” feature in Google’s Phone app. You can now create your own Calling Card, choose a photo, customize fonts, and control who sees it. If someone ...

Vibe coding is the newest phase of web creation: you describe what you want, the system interprets your intent, and it assembles a site from composable pieces. Think <Hero>, <PricingTable>, ...

Buried within iOS 26 is a hidden history that lets you see every call you've ever exchanged with a specific contact, potentially going back years. You might not know it, but you can access this ...