Security News

Cybersecurity news aggregator

MEDIUM Vulnerabilities SC Media

Arbitrary code pushed by long concealed backdoor in widely used WordPress redirect add-on

  • What: A long-concealed backdoor was found in a popular WordPress plugin
  • Impact: The backdoor allowed arbitrary code injection and was active for over five years

Supply chain

May 1, 2026, by SC Staff

Popular WordPress plugin Quick Page/Post Redirect, which allows the creation of redirects in posts, pages, and custom URLs, was injected with a stealthy backdoor half a decade ago that enabled arbitrary code injection into websites, BleepingComputer reports.

Hidden within Quick Page/Post Redirect versions 5.2.1 and 5.2.2 released from 2020 to 2021 was a self-update mechanism linked to anadnet[.]com that pushed arbitrary code, according to Anchor founder Austin Ginder, who discovered the malware across a dozen WordPress sites.

While the illicit self-updater was removed in February 2021, all sites using the compromised plugin versions were updated with a tampered 5.2.3 build that injected a passive backdoor. Only logged-out users are impacted by the backdoor, which retrieves data from the "anadnet" server for potential SEO spam activity.

"The actual mechanism was cloaked parasite SEO. The plugin was renting Google ranking on seventy thousand websites back to whoever was operating that backchannel in 2021," said Ginder.

Whether the plugin was compromised by its developer or subjected to a third-party breach remains uncertain, but the backdoor's developer was urged to release a static update manifest that would force upgrades to a clean version of the add-on.
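For site owners triaging the versions and domain named above, a small inventory check can flag installs that need manual review. This is an added example, not code from the article, the researcher, or the plugin. It assumes a standard `wp-content/plugins` layout with WordPress-style header comments, its sample tree is constructed, and a literal domain match will miss obfuscated references.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_NAME = "quick page/post redirect"         # plugin name as given in the article
SUSPECT_VERSIONS = {"5.2.1", "5.2.2", "5.2.3"}   # versions named in the article
IOC_DOMAIN = re.compile(rb"anadnet\.com", re.I)  # article's domain, re-fanged for matching
# Header lines in a plugin's leading comment, e.g. " * Version: 1.0"
HEADER = re.compile(rb"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def read_header(php_file):
    """Parse plugin header fields from the first 8 KiB of a PHP file."""
    with open(php_file, "rb") as fh:
        head = fh.read(8192)
    return {k.decode().lower(): v.decode(errors="replace").strip()
            for k, v in HEADER.findall(head)}

def scan_plugins(plugins_dir):
    """Return sorted (plugin_dir_name, reason) findings for manual review."""
    findings = set()
    for plugin in (p for p in Path(plugins_dir).iterdir() if p.is_dir()):
        for php in plugin.rglob("*.php"):
            if php.parent == plugin:  # plugin headers live in top-level files
                hdr = read_header(php)
                name = hdr.get("plugin name", "").lower()
                if PLUGIN_NAME in name and hdr.get("version") in SUSPECT_VERSIONS:
                    findings.add((plugin.name, f"suspect version {hdr['version']}"))
            if IOC_DOMAIN.search(php.read_bytes()):
                rel = php.relative_to(plugin).as_posix()
                findings.add((plugin.name, f"domain reference in {rel}"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree (not real plugin code): one flagged, one clean."""
    files = {
        "sample-redirect/main.php":
            "<?php\n/*\n * Plugin Name: Quick Page/Post Redirect\n * Version: 5.2.3\n */\n",
        "sample-redirect/inc/update.php": "<?php $host = 'anadnet.com'; // constructed\n",
        "sample-clean/clean.php": "<?php\n/*\nPlugin Name: Sample Clean\nVersion: 5.2.3\n*/\n",
    }
    for rel, body in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, reason in scan_plugins(tmp):
            print(f"{name}: {reason}")
```

A version hit on 5.2.3 alone only marks the install for review, since the article describes a tampered 5.2.3 build rather than stating that every 5.2.3 copy is affected.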
