WordPress plugin security faces a major threat after attackers compromised OptinMonster and injected hidden backdoors into 1.2 million websites. Small business owners using this plugin must audit their sites immediately and verify all active plugins against official repositories.
Today's cyber news for small business owners covers several critical security issues. Attackers compromised the popular WordPress plugin OptinMonster, affecting 1.2 million websites with hidden backdoors. Microsoft faces two simultaneous problems: a critical SearchLeak vulnerability in Microsoft 365 Copilot (CVE-2026-42824) that could allow one-click data theft, and an embarrassing certificate expiry affecting their connectivity testing tool. The FBI warns of crypto scammers now using physical couriers in pig butchering schemes, while hackers are exploiting Microsoft Graph to target payroll and HR employees to redirect salaries. Small businesses must verify WordPress plugins, update Microsoft 365 immediately, strengthen payroll access controls, and remain vigilant against evolving social engineering tactics.
How does a WordPress plugin security breach spread to your business?
The OptinMonster compromise shows how supply chain attacks bypass traditional defenses. Attackers injected backdoors into a trusted plugin update, meaning sites running the affected version downloaded malicious code automatically. For SMBs, this creates two exposure points: backdoor access to customer data and potential liability if your site becomes an attack vector for clients. CISA recommends immediate action: disable OptinMonster, scan for unauthorized admin accounts, review access logs for June activity, and update to a patched version. If you cannot patch immediately, remove the plugin entirely. Run WordPress security scans using Wordfence or Sucuri to detect backdoors already present.
Key takeaways
- Disable OptinMonster immediately if installed, scan for unauthorized admin accounts, and check access logs for suspicious activity.
- Update all WordPress plugins through official channels only, never manually edit plugin files, and enable two-factor authentication on admin accounts.
- Microsoft 365 users must patch CVE-2026-42824 in Copilot and strengthen payroll system access controls to block Graph API exploitation.
- Conduct a plugin audit quarterly, remove unused plugins, and subscribe to CISA alerts for supply chain threats affecting your tech stack.
Frequently asked questions
Do I have to remove OptinMonster entirely from my site?
No, but only if a patched version is available and verified safe. Check the official OptinMonster changelog and wait for confirmation from CISA or Wordfence before re-enabling. If no patch exists, leave it disabled and use an alternative form tool. Do not manually edit plugin files to remove backdoors without expert help.
How do I know if my WordPress site was already backdoored?
Run a security scan using Wordfence Free or Sucuri SiteCheck, which detect common backdoor signatures. Check your wp-admin access logs for logins from unfamiliar IP addresses between June 1 and now. If you find unauthorized admin accounts, delete them immediately and reset all passwords. Contact a WordPress security specialist if you see signs of intrusion.
What should I do about the Microsoft CVE-2026-42824 Copilot flaw?
Apply the security update to Microsoft 365 immediately through your admin center. This flaw allows one-click data theft from Copilot, exposing documents and emails. Additionally, audit who has access to Microsoft Graph in your tenant and disable Graph API for users who do not require it, particularly payroll and HR staff targeted in the current attacks.
Why are hackers targeting payroll employees with Microsoft Graph?
Payroll and HR staff have legitimate access to salary and banking data through Microsoft Graph APIs. Attackers are using phishing and social engineering to compromise these accounts, then using Graph permissions to redirect salary transfers. Add multi-factor authentication and IP whitelisting to payroll systems, and train staff to recognize phishing emails requesting Graph or app permissions.
Sources
- https://www.infosecurity-magazine.com/news/wordpress-plugin-supply-chain/
- https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html
- https://cybersecuritynews.com/microsoft-certificate-expiry/
- https://www.bleepingcomputer.com/news/security/fbi-fraudsters-use-couriers-to-steal-money-in-crypto-scams/
- https://cybersecuritynews.com/hackers-use-microsoft-graph-reconnaissance/