Threat actors are adding backdoor admin accounts to compromised WordPress websites as part of an ongoing campaign targeting over 10 vulnerable plugins for the highly popular content management system, a security researcher with Defiant has discovered. The campaign was first spotted last month. At first, the attackers were injecting WordPress

Netlab researchers are warning that the Free-Socks.in proxy service is a front for a criminal operation, as the service runs on top of a massive botnet consisting of 2,692 WordPress sites, nearly half of which are hosted in the US. The compromised websites have been infected with the Linux.Ngioweb backdoor

A security firm holding a grudge against WordPress recently released proof-of-concept (PoC) code for two zero-days affecting two official Facebook plugins for WordPress. The impacted plugins are “Messenger Customer Chat” (20,000 installations) and “Facebook for WooCommerce” (200,000 installations). The flaws are tricky to exploit, but can enable threat actors to

Threat actors on Wednesday launched a massive hacking campaign targeting WordPress websites that use the Yuzo Related Posts plugin, a recently discontinued plugin that is vulnerable to a cross-site scripting (XSS) attack. The flaw allows attackers to inject malicious code into legitimate websites that will cause users to get redirected

A new study by Sucuri highlights the security shortcomings of e-commerce and other websites. According to the report, the vast majority of e-commerce websites using PrestaShop, OpenCart, Joomla or Magento that were hacked in 2018, were vulnerable to attacks because they ran outdated versions of these popular content management systems

The website of the WordPress Multilingual Plugin (WPML) has been hacked by an ex-employee over the weekend. As part of the attack, the threat actor sent an email to the 600,000 WPML customers claiming that the plugin for multilingual website support is riddled with “ridiculous security holes”, which caused two of

“WordPress sites are being targeted in a series of attacks tied to a 20,000 botnet-strong army of infected WordPress websites. Behind the WordPress-on-WordPress assault is a widespread brute-force password attack leveraged through a Russian proxy provider and targeting a developer application program interface (API). The attacks, first identified by the