Marc-Alexandre Montpas is Sucuri’s Senior Security Analyst who joined the company in 2014. Marc’s main responsibilities include reversing security patches and scavenging vulnerabilities, old and new. His professional experience covers eight years of finding bugs in open-source software. When Marc isn’t breaking things, you might find him participating in a hacking CTF competition. Connect with him on Twitter.
We were alerted last week of a malware outbreak affecting WordPress sites using version 3.0.2 and lower of the fancybox-for-wordpress plugin. As announced, here are some of the…
A very critical vulnerability affecting the GNU C Library (glibc) is threatening Linux servers for a remote command execution. This security bug was discovered by Qualys security…
Users of both the Pagelines and Platform themes should update as soon as possible. During a routine audit for our WAF, we found two dangerous issues: A…
We were notified last week that the vBulletin team sent an email to all their clients about a potential security vulnerability in vBSEO. After further…
We’ve been notified of a critical vulnerability affecting the HD FLV Player plugin for Joomla, WordPress and custom websites. It was silently patched on Joomla…
It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker…
It’s been a month since our disclosure of a low-severity vulnerability affecting Akeeba Backup version 3.11.4, which allowed an attacker to list and download backups…
In a routine audit of our Website Firewall we discovered a serious vulnerability within the Hikashop ecommerce product for Joomla! allowing remote code execution on…