Distributed Vulnerability Search – Told via Access Logs
Denis Sinegubko Sometimes just a few lines of access logs can tell a whole story… Many ongoing attacks against WordPress and Joomla sites use a collection of…
Helpscout Blacklisted by Norton
Rodrigo Escobar Early this morning we got complaints from our clients mentioning that Norton was flagging Helpscout, a Help Desk System. Some of the pages were triggering…
jQuery.min.php Malware Affects Thousands of Websites
Nov 2016 Update: If your Joomla or WordPress website is infected, check out our new, free, DIY guides to clean your site and prevent reinfection.…
vBulletin Exploits in the Wild
Daniel Cid **Update: CheckPoint disclosed more details here: Check Point Discovers Critical vBulletin 0-Day. The vBulletin team patched a serious object injection vulnerability yesterday, that can lead…
Return of the EXIF PHP Joomla Backdoor
Peter Gramantik Our Remediation and Research teams are in constant communication and collaboration. It’s how we stay ahead of the latest threats, but it also presents an…
Reversed Pastebin Injection in Magento DB
Cesar Anjos We worked on an infected Magento site that had unwanted pop-up ads when you visited it. The culprit was this injected script (spaces added intentionally)…
WPScan Intro: WordPress Vulnerability Scanner
Alycia Mitchell Have you ever wanted to run security tests on your WordPress website to see if it could be easily hacked? WPScan is a black box…
Joomla SQL Injection Attacks in the Wild
Nov 2016 Update: We released a new free guide to help you identify and remove Joomla hacks. Read the Guide! Last week, the Joomla team…
Joomla 3.4.5 Released, Fixing a Serious SQL Injection Vulnerability
The Joomla team just released a new Joomla version (3.4.5) to fix some serious security vulnerabilities. The most critical one is a remote and unauthenticated…
Massive Magento Guruincsite Infection
We are currently seeing a massive attack on Magento sites where hackers inject malicious scripts that create iframes from “guruincsite[.]com“. Google already blacklisted about seven thousand sites because…
Security Advisory: Stored XSS in Akismet WordPress Plugin
Marc-Alexandre Montpas During a routine audit for our WAF, we discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin deployed by millions of installs.