Monday, January 13, 2025
Tag:

WordPress security

SocGholish Malware Attacking Windows Users Using Fake Browser Update

The SocGholish downloader has been in operation since 2017 and it is still evolving. This malware, which poses as a browser update, is favored...

Mal.Metrica Malware Hijacks 17,000+ WordPress Sites

Infected websites mimic legitimate human verification prompts (CAPTCHAs) to trick users, who often request seemingly innocuous clicks, resembling past CAPTCHA challenges. Clicking initiates a malicious...

Sign1 Malware Hijacked 39,000 WordPress Websites

A client's website was experiencing random pop-ups as server side scanner logs revealed a JavaScript injection related to Sign1, which is a malware campaign...

WordPress Builder Plugin Flaw Exposes 3,300+ Websites To XSS Attack

A recent surge in attacks from a new malware campaign exploits a known vulnerability in the WordPress plugin Popup Builder, infecting over 3,300 websites with XSS...

Hacked WordPress Sites Using Visitors’ Browsers For Distributed Brute Force Attacks

Researchers recently uncovered distributed brute force attacks on target WordPress websites using the browsers of innocent site visitors. A recent increase in website hacking that targets...

100,000 WordPress Sites Impacted with Cross-Site Scripting(XSS) Flaw

KingComposer, a WordPress plugin found installed with over 100,000 WordPress sites found vulnerable to Reflected Cross-Site Scripting.The vulnerability was found by the Wordfence security...

Massive Hacking Campaign Targets WordPress Websites to Steal Database Credentials

Cybercriminals launched more than 130 million attacks aiming to harvest database credentials from 1.3 million Wordpress sites.In this massive attack campaign, cybercriminals used several...

Critical RCE Bug in WordPress Plugin Let Hackers Gain Admin Access on 200,000 Websites

Researchers from Wordfence uncovered two RCE vulnerabilities in Wordpress SEO plugin called Rank Math let hackers hijack nearly 200,000 vulnerable Websites and gain...