• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Malware Updates

New Wave of SocGholish cid=27x Injections

November 23, 2022Denis Sinegubko

New Wave of SocGholish cid=27x Injections

On November 15th, Ben Martin reported a new type of WordPress infection resulting in the injection of SocGholish scripts into web pages. The attack loads zipped malicious templates from WordPress theme and fake plugins files before extracting the SocGholish script, which is saved as an…

Read More about New Wave of SocGholish cid=27x Injections

WooCommerce Credit Card Skimmer Uses Telegram Bot to Exfiltrate Stolen Data

June 16, 2022Ben Martin

WooCommerce Credit Card Skimmer Uses Telegram Bot to Exfiltrate Stolen Data

Our story starts like many others told on this blog: A new client came to us with reported cases of credit card theft on their eCommerce website. The website owner…

Read More about WooCommerce Credit Card Skimmer Uses Telegram Bot to Exfiltrate Stolen Data

June 9, 2022Ben Martin

Smilodon Credit Card Skimming Malware Shifts to WordPress

WordPress’ massive market share has come with an unsurprising side effect: As more and more site admins turn to popular plugins like WooCommerce to turn a profit on their website…

Read More about Smilodon Credit Card Skimming Malware Shifts to WordPress

A Brief Overview of Online Fraud and Abuse

June 30, 2021Ben Martin

Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 2

In my previous post about ecommerce credit card swipers I described the general overview of the online ecommerce environment as well as some of the reasons behind why websites become…

Read More about Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 2

Trojan Spyware and BEC Attacks

July 6, 2020John Castro

Vulnerabilities Digest: June 2020

Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and…

Read More about Vulnerabilities Digest: June 2020

Labs Notes Monthly Recap – May/2020

June 3, 2020Juliana Lewis

Labs Notes Monthly Recap – May/2020

In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that being informed is a big…

Read More about Labs Notes Monthly Recap – May/2020

Labs Notes Monthly Recap – April/2020

May 4, 2020Juliana Lewis

Labs Notes Monthly Recap – April/2020

In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that being informed is a big…

Read More about Labs Notes Monthly Recap – April/2020

Throwback Threat Thursday: WordPress 4.7 WP-JSON Content Injection Vulnerability

March 12, 2020Justin Channell

Throwback Threat Thursday: WordPress 4.7 WP-JSON Content Injection Vulnerability

Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these vulnerabilities caused significant impacts to…

Read More about Throwback Threat Thursday: WordPress 4.7 WP-JSON Content Injection Vulnerability

Soak Soak Throwback Threat Thursday

December 19, 2019Denis Sinegubko

5 Year Anniversary of the SoakSoak Malware Tsunami

This is a story about the SoakSoak malware campaign that proved that you can’t underestimate impact of security issues in popular premium software. These days, the majority of popular content…

Read More about 5 Year Anniversary of the SoakSoak Malware Tsunami

Throwback Threat Thursday: Joomla GoogleMaps Plugin SEO Spam Injection

September 5, 2019Fioravante Souza

Throwback Threat Thursday: Joomla GoogleMaps Plugin SEO Spam Injection

Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these vulnerabilities caused significant impacts to…

Read More about Throwback Threat Thursday: Joomla GoogleMaps Plugin SEO Spam Injection

What is Cryptocurrency Mining Malware?

September 2, 2019Brian Bautista

What is Cryptocurrency Mining Malware?

Before we get into the details of “Cryptocurrency Mining Malware”, we need to understand first what cryptocurrency is and what miners are. What is Cryptocurrency? Cryptocurrency is best thought of…

Read More about What is Cryptocurrency Mining Malware?

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Sucuri Sidebar Malware Removal to Signup Page

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2023 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.