Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.