Black & White Path

Mar 6, 2026 · Information Security

How a JavaScript Worm Hijacked Wikipedia via User Scripts

In March 2026 a self‑propagating JavaScript worm exploited MediaWiki's user‑script feature to modify common.js files across multiple Wikimedia projects, vandalizing pages, inserting malicious redirects, and highlighting the security risks of user‑generated code on collaborative platforms.