Website Security News
Since 2018, our team has been tracking an interesting type of website infection where the <title> tag of a hacked website is changed to Chinese text — changes which are clearly seen in the website’s search results and source code. However, when you open the…
Read More about Chinese Gambling Spam Targets World Cup Keywords
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help…
Read More about WordPress Vulnerability & Patch Roundup November 2022
On November 15th, Ben Martin reported a new type of WordPress infection resulting in the injection of SocGholish scripts into web pages. The attack loads zipped malicious templates from WordPress…
Sure, there are tons of one-click installers floating around for WordPress. But they’re not always the most secure option — and can still be tedious to use, especially if you…
Most modern web browsers and search authorities like Google have a vested interest in protecting their users from malware. Warning messages like “This site may harm your computer” are a…
Read More about How to Fix the “This Site May Harm Your Computer” Warning
Readers of this blog should already be familiar with SocGholish: a widespread, years-long malware campaign aimed at pushing fake browser updates to unsuspecting web users. Once installed, fake browser updates…
Read More about New SocGholish Malware Variant Uses Zip Compression & Evasive Techniques
Attackers are always on the hunt for vulnerable websites. Whether you have a WordPress, Magento, or Joomla website — you’ll want to take steps to keep your site and server…
Since September 2022, our research team has tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. These malicious redirects appear to be designed to…
Read More about Massive ois[.]is Black Hat Redirect Malware Campaign
Thanks to the rapid growth of JavaScript frameworks like Angular, React, and Vue, Cross-Origin Resource Sharing (CORS) has become a popular word in the developer’s vocabulary — and for good…
Read More about What Is Cross-Origin Resource Sharing (CORS)?
Consumers spent a whopping $33.9 billion during Cyber Week last year. With the average adult spending $430 on Black Friday alone, this period remains one of the biggest online shopping…
Read More about Black Friday & Cyber Monday Ecommerce Security Threats
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help…
Read More about WordPress Vulnerability & Patch Roundup October 2022
![Massive ois[.]is Black Hat Redirect Malware Campaign Targets WordPress Sites](https://blog.sucuri.net/wp-content/uploads/2022/11/BlogPost_Feature-Image_1490x700_PHP-Login-Stealer-585x275.png)
