WordPress Security News & Updates

Massive WordPress Redirect Campaign Targets Vulnerable tagDiv Themes and Ultimate Member Plugins

Denis Sinegubko

August 22, 2018

This August, we’ve seen a new massive wave of WordPress infections that redirect visitors to unwanted sites. When redirected, users see annoying pages with random…

Read the Post

Fake Plugins with Popuplink.js Redirect to Scam Sites

Denis Sinegubko

August 17, 2018

Since July, we’ve been observing a massive WordPress infection that is responsible for unwanted redirects to scam and ad sites. This infection involves the tiny.cc…

Read the Post

RawGit CDN is Abused by CryptoLoot Cryptominers

Denis Sinegubko

July 31, 2018

Recently, we came across another way to use files from GitHub repositories in malware infections. This time the infections weren’t via GitHub.io, raw.githubusercontent.com, or github.com/<user>/<repository>/raw/…

Read the Post

Using Innocent roles to hide admin users

Cesar Anjos

July 18, 2018

All across the internet we find guides and tutorials on how to keep your WordPress site secure, and they all approach the concept of user…

Read the Post

WordPress Update – 4.9.7 Security & Maintenance Release

Marc-Alexandre Montpas

July 5, 2018

The WordPress team has just released a critical security and maintenance update to resolve a number of bugs and security issues. Included in this release…

Read the Post

CoinImp Cryptominer and Fully Qualified Domain Names

Denis Sinegubko

July 5, 2018

We are all familiar with the conventional domain name notation, where different levels are concatenated with the full stop character (period). E.g. “www.example.com”, where “www”…

Read the Post

Google and Facebook Used in Phishing Campaigns

Fioravante Souza

July 3, 2018

We’ve all seen sketchy looking emails or texts with malicious links to click on. There are still people who fall for these more obvious types…

Read the Post

JQuory: Cryptomining in Nulled Themes and Plugins.

Denis Sinegubko

June 5, 2018

Three months ago b>@ninoseki</b revealed a group of sites with cryptomining scripts inside jquory.js files (yes, jquory instead of jquery). Coinhive(“I2OG8vGGXjF7wMQgL37BhqG5aVPjcoQL”) is trigged by “jquory.js”.…

Read the Post

Unwanted Ads via Baidu Links

Denis Sinegubko

April 10, 2018

The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then. Some of the changes were…

Read the Post