05 Jun 2020

Attackers tried to grab WordPress configuration files from over a million sites

A hacker tried to gather the WordPress configuration files of 1.3 million sites in one month after insertion a backdoor into the sites in early May. The XSS campaigns have been previously reported and sent attacks from over 20,000 different IP addresses. However, this new campaign is using the same

Read More
21 May 2020

Thousands of Israeli sites defaced with code seeking permission to access users’ webcams

A new threat actor group by the name “Hackers of Savoir” has targeted thousands of Israeli websites, defacing them to display an anti-Israeli message and malicious code that requests access to site visitors’ webcams. Researchers believe that more than 2,000 websites have been defaced by the group during the campaign,

Read More
01 Apr 2020

Critical WordPress Plugin Bug Lets Hackers Turn Users Into Admins

A vulnerability has been found in the WordPress SEO Plugin that allows attackers to give admin privileges to any registered users on sites run by WordPress. This leaves 200,000 sites with active installations vulnerable to attack if left unpatched. The plugin, called Rank math, allows website owners to perform search

Read More
13 Mar 2020

WordPress Plugin Bug Allows Malicious Code Injection on 100K Sites

WordPress is facing more vulnerabilities, this time in its Popup Builder plugin. The flaw allows unauthenticated attackers to inject malicious JavaScript into popups, which can then affect tens of thousands of websites and allow the attacker to steal information and take over targeted sites in the worst-case scenario. The plugin

Read More
20 Feb 2020

Hackers exploit zero-day in WordPress plugin to create rogue admin accounts

A zero-day vulnerability in a WordPress plugin is being exploited by hackers. The plugin was made by ThemeREX, a company that sells commercial WordPress themes. Security firm Wordfence discovered the attacks yesterday, stating that the plugin is installed on over 40,000 sites. According to the firm, the plugin sets up

Read More
23 Jan 2020

Thousands of WordPress Sites Hacked to Fuel Scam Campaign

Over 2,000 WordPress sites have been hacked according to website security firm Sucuri. Sucuri analysts detected attackers exploiting vulnerabilities in plugins used by many WordPress customers to add additional features to their operations. The analysts detected the vulnerabilities in the third week of January. The hacks were purported to fuel

Read More
17 Jan 2020

Critical WordPress Bug Leaves 320,000 Sites Open to Attack

Infinite Client and WP Time Capsule, two WordPress plugins, contain vulnerabilities that leave sites open to attack. The bug is a critical authorization complication that allows adversaries access to the backend of a site without a password. The attacker only needs the admin username for the WordPress plugins. Both of

Read More
21 Nov 2019

Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin

WordPress website admins and owners are encouraged to immediately apply the Jetpack 7.9.1 critical security update. Vulnerabilities in Jetpack that could leave websites subject to attack have existed since Jetpack 5.1. Jetpack is a popular WordPress plugin that features security, performance and site management services including malware scanning and brute-force

Read More
02 Sep 2019

WordPress sites under attack as hacker group tries to create rogue admin accounts

Threat actors are adding backdoor admin accounts to compromised WordPress websites as part of an ongoing campaign targeting over 10 vulnerable plugins for the highly popular content management system, a security researcher with Defiant has discovered. The campaign was first spotted last month. At first, the attackers were injecting WordPress

Read More
24 Jun 2019

Free proxy service found running on top of 2,600+ hacked WordPress sites

Netlab researchers are warning that the Free-Socks.in proxy service is a front for a criminal operation, as the service runs on top of a massive botnet consisting of 2,692 WordPress sites, nearly half of which are hosted in the US. The compromised websites have been infected with the Linux.Ngioweb backdoor

Read More