JoomDonation Compromised
Daniel Cid We are receiving reports from many users of the popular JoomDonation platform that they received a very scary email from someone that supposedly hacked into…
Browsing Category
Vulnerability Disclosure
254 posts
Website Malware Removal: Phishing
Joseph Herbrandson As we continue on our Malware Removal series we turn our attention to the increasing threat of Phishing infections. Just like a fisherman casts and…
Security Advisory – High severity – WP-Statistics WordPress Plugin
Marc-Alexandre Montpas If you’re using the WP-Statistics WordPress plugin on your website, now is the time to update. While doing a routine audit for our Website Firewall…
Deep Dive into the HikaShop Vulnerability
It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker…
Malicious iFrame Injector Found in Adobe Flash File (.SWF)
Peter Gramantik Finding malware in Adobe Flash files (.swf) is nothing new, but it usually affects personal computers, not servers. Typically, a hidden iframe is used to…
Security Advisory – Medium Severity – WP eCommerce WordPress Plugin
Mickael Nadeau If you’re using the popular WP eCommerce WordPress plugin (2,900,000 downloads), you should update it right away. During a routine audit for our Website Firewall…
Drupal Warns – Every Drupal 7 Website Compromised Unless Patched
The Drupal team released an update to a critical SQL Injection vulnerability a few weeks ago and urged all their users to update or patch…
The Details Behind the Akeeba Backup Vulnerability
It’s been a month since our disclosure of a low-severity vulnerability affecting Akeeba Backup version 3.11.4, which allowed an attacker to list and download backups…
Highly Critical SQL Injection Vulnerability Patched in Drupal Core
The Drupal team just released a security update for Drupal 7.x to address a highly critical SQL injection vulnerability. This bug can be exploited remotely…
Vulnerability Disclosed in SSL 3.0 – This Poodle Bites
It seems that SSL just cannot stay out of the news. Another vulnerability, this time in SSL 3.0, has been disclosed at the Google Online…
WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability
The popular Mailpoet(wysija-newsletters) WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to vulnerable sites. This…