How to Stop a DDoS Attack in 5 Steps
Victor Santoyo As a website administrator, keeping your site online during large traffic spikes is what you strive for. But how can you be sure traffic spikes…
WordPress Vulnerability & Patch Roundup December 2023
Sucuri Malware Research Team Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
New Guide: Broken Access Control
Rianna MacLeod The complexity of modern websites exposes countless potential vulnerabilities to lurking attackers. One of the most underestimated threats? Broken Access Control (BAC). The risk lies…
MageCart WordPress Plugin Injects Malicious User & Credit Card Skimmer
Ben Martin One of our analysts recently found an interesting malicious plugin injected into a WordPress / WooCommerce ecommerce website which both creates and conceals a bogus…
What is a Content Security Policy (CSP)
Gerson Ruiz It’s always a good idea to be aware of the security issues that might affect your site. For example, cross-site scripting (XSS) attacks consist of…
Analysis of the Fake WordPress CVE-2023-46182 Patch Plugin & Phishing Campaign
Denis Sinegubko On December 1, 2023, several security researchers reported about a new phishing campaign targeting WordPress administrators. WordPress sites owners had started receiving emails from WordPress.com…
Critical RCE Vulnerability Patched in Backup Migration Plugin
On December 6th, 2023, the WordPress plugin Backup Migration received a critical security patch for a remote code execution vulnerability. Details were released five days…
WPScan Intro: How to Scan for WordPress Vulnerabilities
In this post, we will look at how to use WPScan as a WordPress vulnerability scanner. This security tool provides you with a better understanding…
40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager
Hackers like Google Tag Manager: millions of sites use it, and they can inject custom scripts and HTML code via a script from the highly…
Common Website Hacking Techniques
Website hacking — the act of exploiting weaknesses to gain unauthorized access to a website, database, cPanel, or admin dashboard — is a reality that…
Skimming Credit Cards with WebSockets
If you were to believe shopping mall merchants, you’d think the holiday season starts immediately after Halloween. Christmas trees and candy canes abound, along with…