Website Security News
Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and issues surrounding user input data sanitization. Massive local file inclusion (LFI) attempts have been discovered…
In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that being informed is a big…
In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that being informed is a big…
Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these vulnerabilities caused significant impacts to…
Read More about Throwback Threat Thursday: WordPress 4.7 WP-JSON Content Injection Vulnerability
This is a story about the SoakSoak malware campaign that proved that you can’t underestimate impact of security issues in popular premium software. These days, the majority of popular content…
Read More about 5 Year Anniversary of the SoakSoak Malware Tsunami
Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these vulnerabilities caused significant impacts to…
Read More about Throwback Threat Thursday: Joomla GoogleMaps Plugin SEO Spam Injection
Before we get into the details of “Cryptocurrency Mining Malware”, we need to understand first what cryptocurrency is and what miners are. What is Cryptocurrency? Cryptocurrency is best thought of…
W97M/Downloader is part of a large banking malware operation that peaked in March 2016. Bad actors have been distributing this campaign for well over a year, which serves as a…
Read More about W97M/Downloader Malware Dropper Served from Compromised Websites
In the past couple of years, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts into WordPress sites. This campaign leverages old vulnerabilities (patched a long time ago)…
Read More about From .tk Redirects to PushKa Browser Notification Scam
After recent publication of the Uncommon Radixes Used in Malware Obfuscation article, we found an interesting Twitter thread involving @EKFiddle and @Ledtech3 #EKFiddle [Regex update]: Added Radix Web Skimmer identified…
Read More about More on Dnsden[.]biz Swipers and Radix Obfuscation
Most websites today use cookies. Since May 25th, 2018, all websites that do business in the European Union (EU) had to make some changes to be compliant with the EU…
Read More about Cookie Consent Script Used to Distribute Malware
![More on Dnsden[.]biz Swipers and Radix Obfuscation](https://blog.sucuri.net/wp-content/uploads/2019/03/03192019-uncommon-radixes-uses-in-malware-obfuscation-update_blog-585x275.jpg)
