Hidden malware strikes WordPress mu-plugins. Our latest findings reveal how to safeguard your site against these threats.

While analyzing threats targeting WordPress frameworks, we found an attack where a single 3rd party JavaScript file was used to inject four separate backdoors into 1,000 compromised websites using cdn.csyndication[.]com/.

Learn about the fake Google reCAPTCHA campaign infecting machines by tricking unsuspecting users into running malicious Powershell commands.

Dive into our investigation of WordPress malware and find out how mu-plugins are used to hide backdoor threats.

Third-party scripts are a key part of the supply chain, giving 3rd party access to sensitive data or allowing malicious actions in the browser of your user. c/side helps you regain control over your website.

Learn about the steps we took to uncover and neutralize a malware infection redirecting WordPress traffic to dangerous URLs.

Third-party scripts are a key part of the supply chain, giving 3rd party access to sensitive data or allowing malicious actions in the browser of your user. c/side helps you regain control over your website.

ClickFix fake browser updates are being distributed by bogus WordPress plugins. Learn about the common indicators of compromise.

Understand the threat of PHP reinfector malware on WordPress sites, compromising plugins like Imagify and using malicious admin users.

WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site.

WordPress plugins are under active attack, a new banking trojan is spreading, and phishing and brute-force attacks continue unabated.

Discover the details of the critical vulnerability CVE-2024-8353 in GiveWP donation plugin for WordPress and the potential impact on your website.

There is a critical vulnerability in the LiteSpeed Cache plugin - Unauth Account Takeover in < 6.5.0.1 affecting 5+ millions of sites.

Learn about the ClearFake Trojan malware distributed via WordPress sites, its tactics, and how to safeguard your online experience.

A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts.
#Admin #Cache #Computer #InfoSec #LiteSpeed #Plugin #Security #Takeover #Website #WordPress

WordPress admins, take heed: A recent development in a malware downloader called "SocGholish" could place your visitors at risk from malware infections!

Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely.
#Actively #Calendar #Computer #Events #Exploited #File #InfoSec #Modern #Plugin #Security #Upload #Vulnerability #WordPress

We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000.

Researchers have discovered several vulnerabilities in popular WordPress plugins that allow attackers to create rogue admin accounts.
#attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability

Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.