Mur d'images - Cyberveille

curated by Decio

Hidden Malware Strikes Again: Mu-Plugins Under Attack

Thousands of websites hit by four backdoors in 3rd party JavaScript attack

WordPress ClickFix Malware Causes Google Warnings and Infected Computers

Hidden Backdoors Uncovered in WordPress Malware Investigation

10,000 WordPress Websites Found Delivering MacOS and Windows Malware

Malware Redirects WordPress Traffic to Harmful Sites

Over 5,000 WordPress sites caught in WP3.XYZ malware attack

Threat Actors Push ClickFix Fake Browser Updates Using Stolen Credentials

PHP Reinfector and Backdoor Malware Target WordPress Sites

Jetpack fixes critical information disclosure flaw existing since 2016

Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan

CVE-2024-8353 (CVSS 10): Critical GiveWP Flaw, 100k WordPress Sites at Risk

Critical Account Takeover in LiteSpeed Cache Plugin

WordPress Websites Used to Distribute ClearFake Trojan Malware

Litespeed Cache bug exposes millions of WordPress sites to takeover attacks

Hackers target WordPress calendar plugin used by 150,000 sites

Active exploitation of unauthenticated stored XSS vulnerabilities in WordPress Plugins

WP Automatic WordPress plugin hit by millions of SQL injection attacks

Unauthenticated function injection vulnerability in WordPress Shortcode Addons plugin (unpatched). – NinTechNet

State of WordPress Security In 2024

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

Hackers exploit critical flaw in WordPress Royal Elementor plugin

Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins

Phishing pages placed on hacked websites

WordPress plugin installed on 1 million+ sites logged plaintext passwords

‘Gravity Forms’ WordPress Plugin Found Vulnerable to PHP Object Injection

Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign

WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers

The Race to Patch: Attackers Leverage Sample Exploit Code in Wordpress Plugin | Akamai

Critical Privilege Escalation in Essential Addons for Elementor Plugin Affecting 1+ Million Sites

WordPress Advanced Custom Fields Pro plugin <= 6.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign

Bogus URL Shorteners Redirect Thousands of Hacked Sites in AdSense Fraud Campaign

GoTrim: Go-based Botnet Actively Brute Forces WordPress Websites

CVE-2022-21661: Exposing Database Info via WordPress SQL Injection

Massive ois[.]is Black Hat Redirect Malware Campaign

PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin

Fake DDoS Pages On WordPress Sites Lead to Drive-By-Downloads

Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes

Critical Vulnerabilities in PHP Everywhere Allow Remote Code Execution