New WordPress Security Scanning Module, Cloudflare Unveils RDP Alternative
WordPress Security
I recently saw a video of NetworkChuck using WPScan, a WordPress vulnerability scanning tool, and thought to myself, why isn’t there a free version of that? So, with the help of Claude (and some massaging of course), I was able to put together a standalone script and module that generates an HTML report highlighting vulnerabilities. You can download it here: https://github.com/jimrtyler/WordpressScanner
Follow me on GitHub if you haven’t already!
Videos
Import-Excel Magic: Doug Finke does a deep dive into automating Excel with PowerShell.
KevTech on Building a Career from the Ground Up: Andrew is joined on the PowerShell Podcast by KevTech, who is an expert at coaching entry level IT professionals.
News & Security Updates
VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that's designed to invoke a PowerShell command, which then grabs a PowerShell-script payload from a command-and-control (C2) server and executes it.
How To Create a Tabbed GUI in PowerShell
ITProToday has a great step-by-step guide on using Windows Forms. I think this is a good introduction to step through instead of using AI tools (though that is easy).
Cloudflare Unveils a New RDP Alternative
Cloudflare has unveiled a clientless, browser-based Remote Desktop Protocol (RDP) solution, expanding its Zero Trust Network Access (ZTNA) capabilities for secure Windows server access. “RDP has also been used to deploy ransomware such as Ryuk, Conti, and DoppelPaymer, earning it the nickname ‘Ransomware Delivery Protocol,’” notes Cloudflare in their announcement.
Supply Chain Attack on CI Pipeline
A popular GitHub Action, tj-actions/changed-files, was compromised in a supply chain attack affecting over 23,000 repositories. Attackers injected malicious code into this action (used for reporting changed files in PRs) that would export sensitive CI/CD secrets by printing them in build logs. If a public project’s logs were exposed, an attacker could scrape credentials like API keys. The issue (tracked as CVE-2025-30066) was discovered around March 14 and patched by March 19. It serves as a warning to pin action versions and regularly review third-party actions for unusual changes. CISA and security firms also published analyses, urging dev teams to update any pipelines using the affected action and consider rotating any credentials that might have leaked.