What is Cookie Hijacking
Cesar Anjos Cookie hijacking involves unauthorized access to cookies, which are small pieces of data stored on your browser by websites you visit. Cookies often contain sensitive…
JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS
Denis Sinegubko Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The…
WordPress Maintenance: Tasks & Best Practices
Rianna MacLeod If you’re managing a WordPress site, it’s crucial to ensure it runs smoothly and securely. Many site owners worry that WordPress maintenance is a complex…
Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker
Matt Morrow In recent months, we have encountered a number of cases where attackers inject malware into website software that allows for custom or miscellaneous code —…
Web Shells: Types, Mitigation & Removal
Web shells are malicious scripts that give attackers persistent access to compromised web servers, enabling them to execute commands and control the server remotely. These…
Magento Shoplift: Ecommerce Malware Targets Both WordPress & Magento CMS
Puja Srivastava We often write about malware that steals payment information from sites built with Magento and other types of e-commerce CMS. However, WordPress has become a…
WordPress Vulnerability & Patch Roundup March 2024
Sucuri Malware Research Team Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
Sign1 Malware: Analysis, Campaign History & Indicators of Compromise
Ben Martin A new client recently came to us reporting seemingly random pop ups occurring on their website. While it was clear that there was something amiss…
What is .htaccess Malware? (Detection, Symptoms & Prevention)
The .htaccess file is notorious for being targeted by attackers. Whether it’s using the file to hide malware, redirect search engines to other sites with…
Sucuri WordPress Plugin Updates for 2024
At Sucuri, we believe in making the internet safe for everyone. One way we show this is through our free WordPress security plugin. The Sucuri…
New Malware Campaign Found Exploiting Stored XSS in Popup Builder < 4.2.3
In January, my colleague reported about a new Balada Injector campaign found exploiting a recent vulnerability in the widely-used Popup Builder WordPress plugin which was…