InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took ...
Dark Reading

Browser Plug-In Vulns The Endpoint's Weakest Link

Despite all of the attention given to zero-day attacks and system vulnerabilities, the typical exploit assaulting enterprise endpoints actually looks for a much easier attack vector to launch attacks.
The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.