40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager
Denis Sinegubko Hackers like Google Tag Manager: millions of sites use it, and they can inject custom scripts and HTML code via a script from the highly…
Thousands of Sites with Popup Builder Compromised by Balada Injector
On December 11, 2023 WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installation) that was…
Input Validation for Web Forms & Website Security
Rianna MacLeod Web forms are incredibly useful tools. They allow you to gather important information about potential clients and site visitors, collect comments and feedback, upload files,…
New Wave of SocGholish Infections Impersonates WordPress Plugins
Ben Martin SocGholish malware, otherwise known as “fake browser updates”, is one of the most common types of malware infections that we see on hacked websites. This…
WordPress Vulnerability & Patch Roundup February 2024
Sucuri Malware Research Team Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
What Is DDoSing & How To Tell if You Are DDoSed
Stephen Johnston Nowadays, the term DDoS — or Distributed Denial of Service — raises the heart rate of most webmasters. Though many don’t know exactly what DDoSing…
WordPress Hacked: What to Do When Your Site is Compromised
OK – your WordPress site is hacked. Now what? Questions we frequently get from new users are, “Why was my WordPress site hacked?” and “What…
PHP Re-Infectors: How To Stop PHP Malware That Keeps Coming Back
Matt Morrow We all know why bad actors infect sites: monetary gain, boosts in SEO ratings for their malware or spam campaigns and a number of other…
What is HTTP Error 500 & How to Fix It
A frustrating interruption to anyone’s day is the infamous HTTP Error 500 internal server error message. When it happens not only do you lose traffic…
Web3 Crypto Malware: Angel Drainer Overview, Variants & Stats
Since January 2024, there has been a notable surge in attacks by a novel form of website malware targeting Web3 and cryptocurrency assets. This malware,…
SocGholish Malware: Script Injections, Domain Shadowing, IPs & Obfuscation Techniques
In June 2022, we shared information about the ongoing NDSW/NDSX malware campaign which has been one of the most common website infections detected and cleaned…