Cross-Origin Resource Sharing (CORS)
Rianna MacLeod Thanks to the rapid growth of JavaScript frameworks like Angular, React, and Vue, Cross-Origin Resource Sharing (CORS) has become a popular word in the developer’s…
Browsing Category
Website Security
1009 posts
From Privacy to Exfiltration: Telegram’s Role in Website Malware
Krasimir Konov Telegram, a name synonymous with secure messaging, has paradoxically become a tool for cybercriminals who abuse the strengths of the platform to target unsuspecting websites.…
How to Fix the NET::ERR_CERT_DATE_INVALID Error
Encountering the NET::ERR_CERT_DATE_INVALID error can be frustrating, but it’s important to address it promptly to ensure your website remains secure and trustworthy. This error typically…
What is a Zero-Day Vulnerability?
Gerson Ruiz Navigating the world of website security can feel like stepping into a minefield, especially when you have to navigate threats like zero-day vulnerabilities. Zero-days are…
What is Cookie Hijacking
Cesar Anjos Cookie hijacking involves unauthorized access to cookies, which are small pieces of data stored on your browser by websites you visit. Cookies often contain sensitive…
JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS
Denis Sinegubko Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The…
Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker
Matt Morrow In recent months, we have encountered a number of cases where attackers inject malware into website software that allows for custom or miscellaneous code —…
Web Shells: Types, Mitigation & Removal
Web shells are malicious scripts that give attackers persistent access to compromised web servers, enabling them to execute commands and control the server remotely. These…
What is .htaccess Malware? (Detection, Symptoms & Prevention)
Ben Martin The .htaccess file is notorious for being targeted by attackers. Whether it’s using the file to hide malware, redirect search engines to other sites with…
From Web3 Drainer to Distributed WordPress Brute Force Attack
Two weeks ago we discussed a new development in website hacks: Web3 crypto wallet drainers. We’ve been closely following the most significant variant which injects…
New Wave of SocGholish Infections Impersonates WordPress Plugins
SocGholish malware, otherwise known as “fake browser updates”, is one of the most common types of malware infections that we see on hacked websites. This…