Trusted WordPress plugins carried a hidden backdoor for months before malware went live

A supply chain attack hit the WordPress plugin ecosystem after a buyer acquired a portfolio of widely used plugins and slipped in malicious code that stayed dormant for about eight months. Security reporting from Anchor says the code first appeared in an August 8, 2025 update and only activated on April 6, 2026, when affected […] The post Trusted WordPress plugins carried a hidden backdoor for months before malware went live appeared first on VPN Central.