Nearly 2,000 WordPress sites have been infected with malware that uses Steam Community profile comments to conceal command-and-control communications, researchers discovered.
The campaign exploits Steam's social features as an unconventional infrastructure layer for malicious operations. Attackers hide C2 data in comments on compromised or attacker-controlled Steam profiles, allowing infected WordPress installations to retrieve commands while evading detection.
This method bypasses traditional network monitoring since traffic to Steam appears legitimate. The malware likely gains initial access through vulnerable plugins or weak credentials on WordPress sites.
Security researchers identified the infection pattern across a distributed set of WordPress installations. The use of Steam profiles demonstrates how attackers adapt to exploit trusted platforms for command distribution.
WordPress site administrators should immediately audit active plugins, update to the latest versions, and enforce strong credentials. Security teams should monitor for unusual outbound connections to Steam Community domains from web servers.
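One way to run the outbound-connection check recommended above, as an added example that is not part of the original article: it scans egress log lines for web server accounts contacting Steam Community hosts. The log format, the account names, the sample lines and the choice of `steamcommunity.com` as the watched domain are assumptions.

```python
import re
from collections import defaultdict

# Assumption: steamcommunity.com is the Steam Community domain to watch; extend as needed.
WATCHED_DOMAINS = ("steamcommunity.com",)
# Assumption: accounts that the web server / PHP workers run as on these hosts.
WEB_ACCOUNTS = {"www-data", "apache", "nginx"}

# Constructed log format (hypothetical): ts src=<ip> user=<account> dst=<host>:<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) dst=(?P<host>[^:\s]+):(?P<port>\d+)"
)

def is_watched(host):
    """True for a watched domain or any of its subdomains, but not look-alikes."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)

def find_steam_egress(lines):
    """Group web-account connections to watched domains by source address."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "hosts": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["user"] not in WEB_ACCOUNTS or not is_watched(m["host"]):
            continue
        h = hits[m["src"]]
        h["count"] += 1
        h["first"] = h["first"] or m["ts"]  # logs are assumed to be in time order
        h["last"] = m["ts"]
        h["hosts"].add(m["host"].lower().rstrip("."))
    return dict(hits)

# Constructed sample lines, not taken from any real incident.
SAMPLE_LOG = """\
2025-01-10T02:14:07Z src=10.0.1.15 user=www-data dst=steamcommunity.com:443
2025-01-10T02:15:01Z src=10.0.1.15 user=www-data dst=api.wordpress.org:443
2025-01-10T03:14:09Z src=10.0.1.15 user=www-data dst=SteamCommunity.com.:443
2025-01-10T03:20:44Z src=10.0.1.22 user=www-data dst=notsteamcommunity.com:443
2025-01-10T03:21:10Z src=10.0.1.22 user=www-data dst=steamcommunity.com.cdn.example:443
2025-01-10T04:00:00Z src=10.0.3.8 user=alice dst=steamcommunity.com:443
""".splitlines()

if __name__ == "__main__":
    for src, h in find_steam_egress(SAMPLE_LOG).items():
        print(src, h["count"], h["first"], h["last"], sorted(h["hosts"]))
```

A hit here is a lead for review rather than proof of infection; the per-source first and last timestamps give a starting window for checking plugin changes and file modifications on that host.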
Threat actors are deploying an AI-powered ransomware toolkit that automates Active Directory discovery and circumvents endpoint detection and response solutions. The advancement marks a significant escalation in ransomware attack sophistication.
Palo Alto Networks raised its adjusted earnings forecast, citing strong demand for security services as AI-related threats escalate concerns among enterprises and governments.
Password manager Dashlane disclosed that attackers compromised some customer accounts by brute-forcing its two-factor authentication system, gaining access to encrypted password vaults.
A Grand Theft Auto V cheat service suffered a security breach, with hackers stealing usernames, hashed passwords, and user data from thousands of gamers.