Sucuri Security Blog

After many suggestions, we decide to setup a blog to better communicate with our users. Expect updates from http://sucuri.net and some security-related posts from us.

David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

2 comments

http://example.com says:
October 8, 2016 at 11:30 am
“/>
“/>
http://example.com says:
October 8, 2016 at 11:32 am
[click here](javascript:alert(document.domain))

Comments are closed.

FTP Logs Used to Determine Attack Vector

Krasimir Konov

June 10, 2019

Logs can be very useful because they are a record of what was done by whom. They are especially useful when you need to find…

Read the Post

Sucuri Updates

Sucuri Website Backups Product Update

Jonas Andrijauskas

February 7, 2018

We’re excited to be sharing some changes we’ve recently pushed for our Website Backups product. If you’re not familiar with this feature, Sucuri Website Backups…

Read the Post

WordPress Vulnerability & Patch Roundup April 2023

Cesar Anjos

April 27, 2023

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…

Read the Post

Vulnerable WordPress Sites Compromised Database Injections

Vulnerable WordPress Sites Compromised with Different Database Infections

Kayleigh Martin

January 19, 2023

Vulnerabilities within WordPress can lead to compromise, and oftentimes known vulnerabilities are utilized to infect WordPress sites with more than one infection. It is common…

Read the Post

Xjquery Wave of WordPress SocGholish Injections

Denis Sinegubko

May 9, 2023

In November, 2022, my colleague Ben Martin described how hackers were using zipped files and encrypted WordPress options stored in the database to inject SocGholish…

Read the Post

Persistent Cross-site Scripting in WP Live Chat Support Plugin

John Castro

May 15, 2019

During a routine research audits for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 60,000+ users of the WP Live Chat…

Read the Post

Protecting Phishing Pages via .htaccess

Yuliyan Tsvetkov

July 11, 2017

Phishers usually want to protect their pages from being detected by search engines and security companies. To achieve that, they add .htaccess files that deny…

Read the Post

WooCommerce Skimmer Uses Fake Fonts and Favicon to Steal CC Details

Ben Martin

February 2, 2022

The holidays are always a busy time for ecommerce stores. Dealing with an influx of Christmas shoppers, holiday sales and inventory, shipping, and at times,…

Read the Post

4 Largest DDoS Attacks Ever & What You Can Learn From Them

The Largest DDoS Attacks & What You Can Learn From Them

Pilar Garcia

August 21, 2019

A DDoS (Distributed Denial of Service) is an attack that focuses on making the website unavailable to its legitimate users. DDoS attacks can produce service interruptions,…

Read the Post

Understanding & Stopping Malicious Redirects

Art Martori

May 22, 2020

Many website owners don’t know they’re infected with malicious redirects until they start getting calls from wary customers. Instead of the site they were expecting,…

Read the Post

2 comments

Related Categories

You May Also Like