Sucuri Security Blog

After many suggestions, we decide to setup a blog to better communicate with our users. Expect updates from http://sucuri.net and some security-related posts from us.

David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

2 comments

http://example.com says:
October 8, 2016 at 11:30 am
“/>
“/>
http://example.com says:
October 8, 2016 at 11:32 am
[click here](javascript:alert(document.domain))

Comments are closed.

How to Create a Website Maintenance Plan & Contract

Victor Santoyo
August 13, 2019

In my years of experience working alongside agencies, I’ve realized that managed providers and other web pros who offer website maintenance to their clients, have…

Read the Post

Input Validation for Web Forms & Website Security

Rianna MacLeod
July 9, 2024

Web forms are incredibly useful tools. They allow you to gather important information about potential clients and site visitors, collect comments and feedback, upload files,…

Read the Post

Assemble the Cookies

Luke Leal
March 25, 2020

When we investigate compromised websites, it’s not unusual to find malicious files that have been obfuscated through forms of encoding or encryption — however, these…

Read the Post

Server Side Data Exfiltration via Telegram API

Cesar Anjos
March 18, 2021

One of the themes commonly highlighted on this blog includes the many creative methods and techniques attackers employ to steal data from compromised websites. Credit…

Read the Post

Fake relatable domain used to distribute ads

Krasimir Konov
April 26, 2019

Malicious users try to hide their malicious scripts in many ways these days, some more clever then others, in this case we look at a…

Read the Post

WordPress Patch & Vulnerability Round up March 2023

WordPress Vulnerability & Patch Roundup March 2023

Cesar Anjos
March 30, 2023

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…

Read the Post

Labs Notes Monthly Recap – Oct/2016

Estevao Avillez
November 4, 2016

In our September Labs Notes Recap, we listed recent discoveries made by our Incident Response and Malware Research Teams. These monthly recaps serve to bridge…

Read the Post

SocGholish and NDSW NDSX malware, FakeUpdates, SilverFish (SolarWind) and ransomware

SocGholish Malware: Script Injections, Domain Shadowing, IPs & Obfuscation Techniques

Denis Sinegubko
August 16, 2022

In June 2022, we shared information about the ongoing NDSW/NDSX malware campaign which has been one of the most common website infections detected and cleaned…

Read the Post

How Undefined Variables Can Give You RCE

Fernando Barbosa
June 5, 2017

When investigating a compromised website, our team has to make sure that all malware and backdoors are cleared from the environment. In some instances, these…

Read the Post

WordPress Redirect Hack via Test0.com/Default7.com

Multistage WordPress Redirect Kit

Ben Martin
September 8, 2021

Recently, one of our analysts @kpetku came across a series of semi-randomised malware injections in multiple WordPress environments. Typical of spam redirect infections, the malware…

Read the Post

2 comments

Related Categories

You May Also Like