Cyber Crime
Credit Card Skimmer Hits WordPress Checkout Pages, Stealing Payment Data
Researchers analyzed a new stealthy credit card skimmer that targets WordPress checkout pages by injecting malicious JavaScript into the WordPress database. On checkout pages, the...
Cyber Crime
New WordPress Plugin That Weaponizes Legit Sites To Steal Customer Payment Data
Cybercriminals have developed PhishWP, a malicious WordPress plugin, to facilitate sophisticated phishing attacks, which enable attackers to create convincing replicas of legitimate payment gateways,...
CVE/vulnerability
200,000 WordPress Sites Exposed to Cyber Attack, Following Plugin Vulnerability
A critical security vulnerability has been discovered in the popular WordPress plugin Anti-Spam by CleanTalk, which is installed on over 200,000 websites.The vulnerability, which...
CVE/vulnerability
4M+ WordPress Websites to Attacks, Following Plugin Vulnerability
A critical vulnerability has been discovered in the popular "Really Simple Security" WordPress plugin, formerly known as "Really Simple SSL," putting over 4 million...
Cyber Attack
ClickFix Malware Infect Website Visitors Via Hacked WordPress Websites
Researchers have identified a new variant of the ClickFix fake browser update malware distributed through malicious WordPress plugins.These plugins, disguised as legitimate tools,...
CVE/vulnerability
Unauthenticated RCE in WordPress Plugin Exposes 100,000 WordPress Sites
A critical vulnerability has been discovered in the GiveWP plugin, a popular WordPress donation and fundraising platform.This vulnerability, CVE-2024-5932, exposes over 100,000 WordPress sites...
CVE/vulnerability
Hackers Actively Exploiting WordPress Plugin Arbitrary File Upload Vulnerability
Hackers have been actively exploiting a critical vulnerability in the WordPress plugin 简数采集器 (Keydatas).The vulnerability, CVE-2024-6220, allows unauthenticated threat actors to upload arbitrary...
Cyber Attack
SocGholish Malware Attacking Windows Users Using Fake Browser Update
The SocGholish downloader has been in operation since 2017 and it is still evolving. This malware, which poses as a browser update, is favored...