WordPress

MUT-1244 targeting security researchers, red teamers, and threat actors

MUT-1244 targeting security researchers, red teamers, and threat actors 2024-12-16 at 17:33 By Zeljka Zorz A threat actor tracked as MUT-1244 by DataDog researchers has been targeting academics, pentesters, red teamers, security researchers, as well as other threat actors, in order to steal AWS access keys, WordPress account credentials and other sensitive data. MUT-1244 has […]

React to this headline:

Loading spinner

MUT-1244 targeting security researchers, red teamers, and threat actors Read More »

Cyble Sensors Detect Attacks on SAML, D-Link, Python Framework

Cyble Sensors Detect Attacks on SAML, D-Link, Python Framework 2024-10-14 at 09:52 By dakshsharma16 Key Takeaways Overview The Cyble Vulnerability Intelligence unit identified several new cyberattacks during the week of Oct. 2-8. Among the targets are the Ruby SAML library, several D-Link NAS devices, the aiohttp client-server framework used for asyncio and Python, and a

React to this headline:

Loading spinner

Cyble Sensors Detect Attacks on SAML, D-Link, Python Framework Read More »

Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan

Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan 2024-10-01 at 08:46 By dakshsharma16 Key Takeaways Overview Cyble’s Threat Hunting service this week discovered multiple instances of exploit attempts, malware intrusions, financial fraud, and brute-force attacks via its network of Honeypot sensors. In the week of Sept. 18-24, Cyble researchers identified five recent active exploits, including new

React to this headline:

Loading spinner

Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan Read More »

LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks

LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks 2024-09-06 at 13:31 By Ionut Arghire A vulnerability in the LiteSpeed Cache WordPress plugin leads to the exposure of sensitive information, including user cookies. The post LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks Read More »

Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites

Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites 2024-08-27 at 18:16 By Ionut Arghire A critical vulnerability in the WPML WordPress plugin could allow a remote attacker to execute arbitrary code on the server. The post Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites appeared first on

React to this headline:

Loading spinner

Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites Read More »

Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites

Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites 2024-08-22 at 13:31 By Eduard Kovacs A critical vulnerability in the Litespeed Cache WordPress plugin can allow attackers to hack websites by creating an admin user. The post Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites appeared first on

React to this headline:

Loading spinner

Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites Read More »

Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover

Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover 2024-08-20 at 18:16 By Ionut Arghire A critical vulnerability in the GiveWP WordPress plugin could be exploited for remote code execution and arbitrary file deletion. The post Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover Read More »

Compromised plugins found on WordPress.org

Compromised plugins found on WordPress.org 2024-06-26 at 11:46 By Zeljka Zorz An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. “In addition, it appears the threat actor also injected malicious JavaScript

React to this headline:

Loading spinner

Compromised plugins found on WordPress.org Read More »

Several Plugins Compromised in WordPress Supply Chain Attack 

Several Plugins Compromised in WordPress Supply Chain Attack  2024-06-25 at 16:01 By Ionut Arghire Five WordPress plugins were injected with malicious code that creates a new administrative account. The post Several Plugins Compromised in WordPress Supply Chain Attack  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Several Plugins Compromised in WordPress Supply Chain Attack  Read More »

Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors

Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors 2024-05-30 at 18:17 By Ionut Arghire Malicious campaign exploits high-severity XSS flaws in three WordPress plugins to backdoor websites. The post Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors Read More »

Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors

Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors 2024-04-26 at 13:16 By Ionut Arghire A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites. The post Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors Read More »

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites 2024-04-03 at 16:16 By Ionut Arghire A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information. The post Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites Read More »

Security Flaw in WP-Members Plugin Leads to Script Injection

Security Flaw in WP-Members Plugin Leads to Script Injection 2024-04-02 at 18:46 By Ionut Arghire A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages. The post Security Flaw in WP-Members Plugin Leads to Script Injection appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Security Flaw in WP-Members Plugin Leads to Script Injection Read More »

Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks

Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks 2024-03-11 at 17:18 By Ionut Arghire A high-severity XSS vulnerability in the Ultimate Member plugin allows attackers to inject scripts into WordPress sites. The post Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks Read More »

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin 2024-02-26 at 17:33 By Ionut Arghire The vulnerability carries a CVSS severity score of 9.8/10 and affects web sites running the Ultimate Member WordPress membership plugin. The post Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin Read More »

Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin

Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin 2024-02-20 at 16:16 By Ionut Arghire Attackers are exploiting a recent remote code execution flaw in the Bricks Builder WordPress plugin to deploy malware. The post Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin Read More »

Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution

Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution 12/12/2023 at 17:31 By Ionut Arghire Critical remote code execution flaws in Backup Migration and Elementor plugins expose WordPress sites to attacks. The post Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution Read More »

WordPress 6.4.2 Patches Remote Code Execution Vulnerability

WordPress 6.4.2 Patches Remote Code Execution Vulnerability 08/12/2023 at 18:32 By Ionut Arghire WordPress 6.4.2 patches a flaw that could be chained with another vulnerability to execute arbitrary code. The post WordPress 6.4.2 Patches Remote Code Execution Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

WordPress 6.4.2 Patches Remote Code Execution Vulnerability Read More »

EtherHiding: Why hackers may prefer Binance’s BNB Smart Chain

EtherHiding: Why hackers may prefer Binance’s BNB Smart Chain 20/10/2023 at 10:04 By Cointelegraph By Martin Young According to cybersecurity analysts at 0xScope and CertiK, threat actors may prefer using BNB Smart Chain contracts because it’s cheaper and seen as having lower security than Ethereum. This article is an excerpt from Cointelegraph.com News View Original

React to this headline:

Loading spinner

EtherHiding: Why hackers may prefer Binance’s BNB Smart Chain Read More »

Researchers warn of increased malware delivery via fake browser updates

Researchers warn of increased malware delivery via fake browser updates 17/10/2023 at 13:32 By Zeljka Zorz ClearFake, a recently documented threat leveraging compromised WordPress sites to push malicious fake browser updates, is likely operated by the threat group behind the SocGholish “malware delivery via fake browser updates” campaigns, Sekoia researchers have concluded. About ClearFake ClearFake

React to this headline:

Loading spinner

Researchers warn of increased malware delivery via fake browser updates Read More »

Scroll to Top