The .htaccess file is notorious for being targeted by attackers. Whether it’s using the file to hide malware, redirect search engines to other sites with…
In January, my colleague reported about a new Balada Injector campaign found exploiting a recent vulnerability in the widely-used Popup Builder WordPress plugin which was…
Two weeks ago we discussed a new development in website hacks: Web3 crypto wallet drainers. We’ve been closely following the most significant variant which injects…
SocGholish malware, otherwise known as “fake browser updates”, is one of the most common types of malware infections that we see on hacked websites. This…
Since January 2024, there has been a notable surge in attacks by a novel form of website malware targeting Web3 and cryptocurrency assets. This malware,…
Were your Google Ads just disapproved after a website compromise? Or, are you seeing policy violations for malicious or unwanted software in your Google Ads…
On December 11, 2023 WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installation) that was…
One of our analysts recently found an interesting malicious plugin injected into a WordPress / WooCommerce ecommerce website which both creates and conceals a bogus…
On December 1, 2023, several security researchers reported about a new phishing campaign targeting WordPress administrators. WordPress sites owners had started receiving emails from WordPress.com…