Self-propagating JavaScript worm targets Wikimedia projects

First reported

05.03.2026 22:42

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

A self-propagating JavaScript worm exploited a malicious script on Russian Wikipedia, spreading across multiple Wikimedia projects and vandalizing pages. The worm modified user scripts and global JavaScript files, affecting approximately 3,996 pages and 85 user accounts. Wikimedia temporarily restricted editing to contain the attack and revert changes. The incident began when a Wikimedia employee account executed a dormant script, which then propagated through user sessions and global scripts. The worm's persistence mechanisms included modifying user-level and site-wide JavaScript files, allowing it to spread automatically. The injected code also edited random pages to insert hidden JavaScript loaders. Wikimedia has not yet released a detailed post-incident report.

Timeline

05.03.2026 22:42 1 articles · 2h ago

Self-propagating JavaScript worm affects Wikimedia projects
A self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple Wikimedia projects. The incident started when a malicious script hosted on Russian Wikipedia was executed by a Wikimedia employee account. The worm spread by injecting malicious JavaScript loaders into user common.js and global MediaWiki:Common.js files, affecting approximately 3,996 pages and 85 user accounts. Wikimedia temporarily restricted editing to contain the attack and revert changes.
Show sources

Wikipedia hit by self-propagating JavaScript worm that vandalized pages — www.bleepingcomputer.com — 05.03.2026 22:42
Open in new tab

Information Snippets

The incident started with a malicious script hosted on Russian Wikipedia, which was executed by a Wikimedia employee account.
First reported: 05.03.2026 22:42

1 source, 1 article
Show sources
- Wikipedia hit by self-propagating JavaScript worm that vandalized pages — www.bleepingcomputer.com — 05.03.2026 22:42
The script self-propagated by injecting malicious JavaScript loaders into user common.js and global MediaWiki:Common.js files.
First reported: 05.03.2026 22:42

1 source, 1 article
Show sources
- Wikipedia hit by self-propagating JavaScript worm that vandalized pages — www.bleepingcomputer.com — 05.03.2026 22:42
Approximately 3,996 pages were modified, and around 85 users had their common.js files replaced.
First reported: 05.03.2026 22:42

1 source, 1 article
Show sources
- Wikipedia hit by self-propagating JavaScript worm that vandalized pages — www.bleepingcomputer.com — 05.03.2026 22:42
The worm spread by exploiting user sessions and privileges, modifying scripts to load the malicious code automatically.
First reported: 05.03.2026 22:42

1 source, 1 article
Show sources
- Wikipedia hit by self-propagating JavaScript worm that vandalized pages — www.bleepingcomputer.com — 05.03.2026 22:42
Wikimedia temporarily restricted editing across projects to contain the attack and revert changes.
First reported: 05.03.2026 22:42

1 source, 1 article
Show sources
- Wikipedia hit by self-propagating JavaScript worm that vandalized pages — www.bleepingcomputer.com — 05.03.2026 22:42
The injected code has been removed, and editing is once again possible, but a detailed post-incident report has not been published.
First reported: 05.03.2026 22:42

1 source, 1 article
Show sources
- Wikipedia hit by self-propagating JavaScript worm that vandalized pages — www.bleepingcomputer.com — 05.03.2026 22:42

Summary

Timeline

Self-propagating JavaScript worm affects Wikimedia projects

Information Snippets