Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign
Denis Sinegubko Our team at Sucuri has been tracking a massive WordPress infection campaign since 2017 — but up until recently never bothered to give it a…
Shifting Malware Tactics & Use of Non-Executable .txt & .log Files
Krasimir Konov The malware landscape is constantly evolving — and bad actors are always devising new techniques to evade detection. Our analysts most commonly find website malware…
40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager
Hackers like Google Tag Manager: millions of sites use it, and they can inject custom scripts and HTML code via a script from the highly…
Thousands of Sites with Popup Builder Compromised by Balada Injector
On December 11, 2023 WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installation) that was…
Input Validation for Web Forms & Website Security
Rianna MacLeod Web forms are incredibly useful tools. They allow you to gather important information about potential clients and site visitors, collect comments and feedback, upload files,…
New Wave of SocGholish Infections Impersonates WordPress Plugins
Ben Martin SocGholish malware, otherwise known as “fake browser updates”, is one of the most common types of malware infections that we see on hacked websites. This…
WordPress Vulnerability & Patch Roundup February 2024
Sucuri Malware Research Team Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
What Is DDoSing & How To Tell if You Are DDoSed
Stephen Johnston Nowadays, the term DDoS — or Distributed Denial of Service — raises the heart rate of most webmasters. Though many don’t know exactly what DDoSing…
WordPress Hacked: What to Do When Your Site is Compromised
OK – your WordPress site is hacked. Now what? Questions we frequently get from new users are, “Why was my WordPress site hacked?” and “What…
PHP Re-Infectors: How To Stop PHP Malware That Keeps Coming Back
Matt Morrow We all know why bad actors infect sites: monetary gain, boosts in SEO ratings for their malware or spam campaigns and a number of other…
What is HTTP Error 500 & How to Fix It
A frustrating interruption to anyone’s day is the infamous HTTP Error 500 internal server error message. When it happens not only do you lose traffic…