Fake GIF Leveraged in Multi-Stage Reverse-Proxy Card Skimming Attack
Ben Martin In today’s post we’re going to review a sophisticated, multi-stage carding attack on a Magento eCommerce website. This malware leveraged a fake gif image file,…
Easy Guide to Saving HAR Files and Console Logs for Troubleshooting
Maninder Toor When something goes wrong with a website – whether it is a broken design, slow performance, shows an error message or something else, it is…
When Good Software Goes Bad
Matt Morrow Most often bad actors try their best to hide their activities by using obfuscated code or by uploading fake plugins or themes that inject simple…
Ad-Jacked: Cybercriminals Inject Google Adsense into WordPress
Puja Srivastava Recently, we’ve encountered cases where WordPress websites were impacted by Google Adsense hijackers. Attackers inject advertisements and scripts that steal website resources and pump ad…
Fake Font Domain Used to Skim Credit Card Data
Kayleigh Martin Recently, a client of ours came to us concerned about credit card theft on their WordPress site. The client’s users reported that their credit card…
Understanding FTP and SFTP: A Guide to Secure File Transfers
Kyle Knight Updating your website means getting files to your server, but the process can feel like a chore when simply navigating in a conventional hosting panel.…
Vulnerability & Patch Roundup — March 2025
Sucuri Malware Research Team Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
Hidden Malware Strikes Again: Mu-Plugins Under Attack
At Sucuri, our security researchers continually monitor for new malware variants and infection techniques targeting WordPress websites. Recently, we’ve uncovered multiple cases where threat actors…
Quick Guide to Magento Security Patches
Magento remains a popular ecommerce platform in 2025 and its security patches play a vital role in addressing vulnerabilities that could otherwise be exploited by…
Fake Cloudflare Verification Results in LummaStealer Trojan Infections
Today’s blog post will be a follow up to a previous article we posted a few weeks ago: We continue to see new variants of…
Credit Card Skimmer and Backdoor on WordPress E-commerce Site
The battle against e-commerce malware continues to intensify, with attackers deploying increasingly sophisticated tactics. In a recent case at Sucuri, a customer reported suspicious files…