Security News

Massive Sign1 Campaign Infects 39,000+ WordPress Sites with Scam Redirects

2024-03-22 11:27

A massive malware campaign dubbed Sign1 has compromised over 39,000 WordPress sites in the last six months, using malicious JavaScript injections to redirect users to scam sites. The most recent...

#scam #wordpress

Evasive Sign1 malware campaign infects 39,000 WordPress sites

2024-03-21 15:56

A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads. The threat actors inject the malware into custom HTML widgets and legitimate plugins on WordPress sites to inject the malicious Sign1 scripts rather than modifying the actual WordPress files.

#evasive #malware #wordpress

WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

2024-03-18 09:46

WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The...

#critical #wordpress #CVE-2024-2172

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites

2024-03-12 09:15

A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected...

#exploit #malware #wordpress

Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware

2024-03-10 15:38

Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. Sucuri says the exact actions of the code may vary, but the primary purpose of the injections appears to be redirecting visitors of infected sites to malicious destinations such as phishing pages and malware-dropping sites.

#exploit #hacker #malware #wordpress

Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks

2024-03-07 13:45

Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of...

#attack #browser #hacked #wordpress

Hacked WordPress sites use visitors' browsers to hack other sites

2024-03-06 22:35

Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites. They then hack X accounts, create YouTube videos, or take out Google and X advertisements to promote the sites and steal visitor's cryptocurrency.

#browser #hack #hacked #wordpress

WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk

2024-02-27 14:43

A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the...

#vulnerability #wordpress #CVE-2023-40000

WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites

2024-02-27 05:43

A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071,...

#critical #vulnerability #wordpress #CVE-2024-1071

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

2024-02-20 09:08

A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600...

#attack #critical #wordpress #CVE-2024-25600

Security News {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Security News"}]}

Security News