• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

SQL Injection

Sucuri May Vulnerability Round-up

May 31, 2022Antony Garand

Vulnerability & Patch Round-up — May 2022

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. We’ve compiled a list of some important security updates and vulnerability patches for the WordPress ecosystem for…

Read More about Vulnerability & Patch Round-up — May 2022

April 2022 Sucuri Vulnerability Roundup

April 26, 2022Antony Garand

Vulnerability Roundup – April 2022

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help…

Read More about Vulnerability Roundup – April 2022

Magento 2 PHP Skimmer Saves To Image File

March 10, 2021Luke Leal

Magento 2 PHP Credit Card Skimmer Saves to JPG

Bad actors often leverage creative techniques to conceal malicious behaviour and harvest sensitive information from ecommerce websites. A recent investigation for a compromised Magento 2 website revealed a malicious injection…

Read More about Magento 2 PHP Credit Card Skimmer Saves to JPG

Duplicated WordPress Vulnerabilities

April 24, 2020Antony Garand

Duplicated Vulnerabilities in WordPress Plugins

During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post. With a bit of research,…

Read More about Duplicated Vulnerabilities in WordPress Plugins

Top 10 Hacks & Attacks from 2019

April 8, 2020Art Martori

Top 10 Hacks & Attacks from 2019

Last year was a busy one in the world of website security. Our 2019 Threat Research Report shows that over 60% of websites we cleaned had a vulnerability at the…

Read More about Top 10 Hacks & Attacks from 2019

Labs Note

April 3, 2020Luke Leal

Fake License.txt File Loaded Through PHP Include

Our team recently found a malicious injection located within a PHP include. The redirect occurs via the include function, which includes a file inconspicuously named license.txt. During our investigation, we…

Read More about Fake License.txt File Loaded Through PHP Include

Labs Note

February 24, 2020Luke Leal

Magento Login Stealer in Fake bg_white.png Image

Our Remediation team analyst Ben Martin recently found a malicious injection in a compromised Magento 1.9.x installation that was stealing Magento user login credentials. The injection was found in the…

Read More about Magento Login Stealer in Fake bg_white.png Image

Labs Note

February 7, 2020Luke Leal

Magento Credit Card Stealer: harilov[.]com

Our Remediation team lead Ben Martin recently discovered a single line obfuscated PHP injection in the main index.php file of a Magento 1.9.x website. It was being used to capture…

Read More about Magento Credit Card Stealer: harilov[.]com

Labs Note

February 5, 2020Luke Leal

Email Scraper: Mass Mail Grabber from Database

One of our Remediation team analysts, Liam Smith, discovered a malicious file on a client’s compromised WordPress website that demonstrates how attackers can use rudimentary tools to extract specific data…

Read More about Email Scraper: Mass Mail Grabber from Database

Labs Note

November 5, 2019Denis Sinegubko

Size for Opera: Hiding Spammy Links

There are many different tricks hackers use to make injected spam links invisible to regular visitors. Below is an example employed by one link spam campaign, which primarily promotes porn,…

Read More about Size for Opera: Hiding Spammy Links

cPanel

August 1, 2019Ben Martin

Neapolitan Backdoor Injection

Most of us are familiar with Neapolitan ice cream: a flavour whose distinguishing characteristic is not one single flavour but several. Many also know it as the ice cream which…

Read More about Neapolitan Backdoor Injection

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2022 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.