Jetpack security researchers have discovered that threat actors have injected backdoors into 53 WordPress plugins and 40 themes, which they can use to take control of any WordPress website. Sucuri researchers add that the criminals are most likely using the compromised add-ons to direct victims to malware-distributing and scam websites.

Cybercriminals are increasingly selling bank credentials through Telegram, while Cybersixgill reports that the decline in the sale of financial accounts on the platform is due to fewer credit cards being issued during the pandemic. Cybersixgill notes that "a parallel decrease was also identified in the total number of compromised credit cards sold on underground markets."

The UK and Australia have formed a Cyber and Critical Technology Partnership to stop cybercriminals from shopping jurisdictions for lighter penalties; also, the countries have agreed to exchange personnel. The agreements build "a network of liberty that will deter cyberattacks before they happen and call out malign actors who perpetrate the acts," said UK Foreign Secretary Liz Truss.

The Pennsylvania Senate has passed legislation that requires the state to develop methods to prevent ransomware attacks and to notify victims of a breach. The legislation comes following a report that bank account details of people receiving unemployment compensation had been diverted to fraudulent accounts.

Chief information and security officers can strengthen their own insider threat protocols by studying Iran's information-gathering tactics, such as the use of Facebook to build relationships. CISOs must constantly vet people and understand that even loyal insiders can be involved in long-term plots to access data.

Jon Brandt and Naomi Buckwalter discuss how to address some of the most pressing current challenges on the cybersecurity landscape in a Cyber Pro episode of the ISACA Podcast.

A report by Atlas VPN finds that credentials from 6 billion accounts were compromised in 2021, a record that underscores the importance of good password management. The "compilation of many breaches" data breach leaked 3.2 billion email and password combinations alone.

DefendX CEO Joe Cutroneo sees investing in secure cloud storage, addressing the risk of social engineering attacks and organizing unstructured data as among the key steps organizations must take to protect themselves from data breaches. "Ransomware as a service (RaaS) is continuing to expand and develop, and there's no reason to think this trend won't keep worsening," Cutroneo writes.

Improving supply chain security, using hybrid and multicloud strategy, planning for a sustainable future and -- most especially -- establishing a successful hybrid workforce model are the main themes Deloitte's 2022 Technology Industry Outlook report says tech companies must focus on to thrive this year. Deloitte's Paul Silverglate asserts that "[t]he companies that are best able to work collaboratively and in a heterogeneous environment are the ones that are going to be the most successful."

A CoderPad poll found that about two-thirds of recruiters from 131 countries believe there is bias in tech recruitment, which contributes to the industry's lack of diversity. Forty-two percent of the respondents said moving to a skills-based review during the hiring process could help reduce bias, while the poll also revealed equal pay and diverse worker backgrounds were supported by recruiters.