Website Malware – Evolution of Pseudo Darkleech
Denis Sinegubko Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with random names and…
Browsing Category
WordPress Security
662 posts
jQuery.min.php Malware Affects Thousands of Websites
Nov 2016 Update: If your Joomla or WordPress website is infected, check out our new, free, DIY guides to clean your site and prevent reinfection.…
WPScan Intro: WordPress Vulnerability Scanner
Alycia Mitchell Have you ever wanted to run security tests on your WordPress website to see if it could be easily hacked? WPScan is a black box…
Security Advisory: Stored XSS in Akismet WordPress Plugin
Marc-Alexandre Montpas During a routine audit for our WAF, we discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin deployed by millions of installs.
Brute Force Amplification Attacks Against WordPress XMLRPC
Daniel Cid Brute force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have…
Security Advisory: Stored XSS in Jetpack
During a routine audit for our WAF, we discovered a critical stored XSS affecting the Jetpack WordPress plugin, one of the most popular plugins in…
WordPress Malware – VisitorTracker Campaign Update
For the last 3 weeks we have been tracking a malware campaign that has been compromising thousands of WordPress sites with the VisitorTracker malware code.…
WordPress Malware – Active VisitorTracker Campaign
We are seeing a large number of WordPress sites compromised with the “visitorTracker_isMob” malware code. This campaign started 15 days ago, but only in the…
WordPress Brute Force Attacks – 2015 Threat Landscape
One of the first server-level compromises I had to deal with in my life was around 15 years ago, and it was caused by an…
Wigo Means Bingo for Blackseo Agent
This week my colleague Peter Gramantik showed me a few infected sites that had very similar code embedded in the WordPress index.php files: if (eregi(‘-dbst’,$_SERVER[‘REQUEST_URI’]))…
Persistent XSS Vulnerability in WordPress Explained
Last week the WordPress team released a patch that fixed 6 security vulnerabilities. Of the six, you’ll find one that we identified a few months…