A group of trusted WordPress plugins quietly carried a hidden backdoor for eight full months, and nobody noticed until the damage had already been done. The attack, uncovered in April 2026, did not begin with a dramatic breach. It started with the silent purchase of a legitimate plugin business on a public marketplace, setting the […] The post Hackers Hide Backdoor in Trusted WordPress Plugins for 8 Months Before Activating Malware appeared first on Cyber Security News.