Matt Morrow
Browsing Category
Security Advisory
215 posts
When Good Software Goes Bad
Most often bad actors try their best to hide their activities by using obfuscated code or by uploading fake plugins or themes that inject simple…
Ad-Jacked: Cybercriminals Inject Google Adsense into WordPress
Puja Srivastava Recently, we’ve encountered cases where WordPress websites were impacted by Google Adsense hijackers. Attackers inject advertisements and scripts that steal website resources and pump ad…
Fake Font Domain Used to Skim Credit Card Data
Kayleigh Martin Recently, a client of ours came to us concerned about credit card theft on their WordPress site. The client’s users reported that their credit card…
Vulnerability & Patch Roundup — March 2025
Sucuri Malware Research Team Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
Hidden Malware Strikes Again: Mu-Plugins Under Attack
At Sucuri, our security researchers continually monitor for new malware variants and infection techniques targeting WordPress websites. Recently, we’ve uncovered multiple cases where threat actors…
Fake Cloudflare Verification Results in LummaStealer Trojan Infections
Ben Martin Today’s blog post will be a follow up to a previous article we posted a few weeks ago: We continue to see new variants of…
Cascading Redirects: Unmasking a Multi-Site JavaScript Malware Campaign
During a recent website security investigation, we uncovered a malicious JavaScript injection affecting a WordPress website. The infection was responsible for redirecting visitors to unwanted…
Vulnerability & Patch Roundup — February 2025
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
Fake WordPress Plugin Impacts SEO by Injecting Casino Spam
Injecting malware via a fake WordPress plugin has been a common tactic of attackers for some time. This clever method is often used to bypass…
WordPress ClickFix Malware Causes Google Warnings and Infected Computers
Since December of last year there has been a new fake Google reCAPTCHA campaign making its way through the WordPress world. Very similar to malware…
When Spam Hides In Plain Sight
We recently worked on an interesting case where Casino spam was visible in the page source, but couldn’t be located in any of the usual…