Cloudflare[.]Solutions Keylogger on Thousands of Infected WordPress Sites
Denis Sinegubko Update Dec. 8 2017: The cloudflare[.]solutions domain has now been taken down. A few weeks ago, we wrote about a massive WordPress infection that injected an…
WP-VCD Malware Comes with Nulled Themes
Recently we wrote about wp-vcd malware that created rogue WordPress admin users (100010010) and injected spam links. Our readers noticed that the “nulled” premium theme…
Backdoor using paste site to host payload
Bruno Zanelato Over the last months, we’ve been talking a lot about new ways to decode complex malwares that involve the usual PHP functions like eval, create_function,…
IPv6 address in malicious Javascript redirect
Luke Leal We recently came across a file that shows an interesting case with a Javascript malicious code injection in a website’s custom script file, though it’s…
Formidable Forms / Shortcodes Ultimate Exploits In The Wild
Marc-Alexandre Montpas On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Forms plugins are…
Fake jQuery and Google Analytics Hide Yet Another Cryptominer
This is a quick posts about yet another quite massive attack that installs CoinHive JavaScript Monero miners on compromised websites. You might have already read…
Risks For E-commerce Site Owners Through the Holidays
Pilar Garcia Shopping season is here, and with that, so is the opportunity for ecommerce site owners to grow their revenue and reputation. However, hackers are also…
How to Avoid Malicious Cyber Monday Campaigns
Ahmad Azizan Idris As consumers prepare to take advantage of the discounts and promotions for the Black Friday and Cyber Monday ecommerce holidays, bad actors are crafting fraudulent…
SQL Injection in bbPress
During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If…
New wave of wp-vcd Malware
Krasimir Konov Recently we saw a new wave of a known malware that injects malicious WordPress admin users to vulnerable or compromised sites.The malware, well analysed by…
Why Attackers Hack Small Sites
You would never leave the front door to your house wide open when you’re not home would you? Doing so would allow criminals to seize…