Website Security News
The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities to massively exploit, our team works diligently around the clock to identify, analyze, and protect…
A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing list this past Monday. This vulnerability is extremely severe. It…
While investigating the SiteGround Optimizer and Caldera Forms Pro plugins we have discovered a critical privilege escalation vulnerability. It was not being abused externally and impacts over 500,000 sites. It’s…
Read More about Insufficient Privilege Validation in SiteGround Optimizer & Caldera Forms Pro
Last week, we explained what zero-day vulnerabilities and attacks are. Essentially, zero-day vulnerabilities exist in the wild, with no patch available to prevent hackers from exploiting it. Today, we would…
In computer science, a vulnerability is considered to be a zero-day vulnerability if it’s unknown to all parties interested in patching it, such as: The team maintaining the project The…
Read More about Understanding Zero-Day Vulnerabilities & Attacks
A website is only as safe as the weakest link on its shared server. Once a hacker gains access to one site on the server, they can easily infect other…
***Update: The WP Mobile Detector plugin has been patched to address the vulnerability. Please update as soon as possible. Note that the latest version don’t fully address the issue and…
Read More about WP Mobile Detector Vulnerability Being Exploited in the Wild
Three days ago the ImageMagic (also known as, ImageTragick) vulnerability was released to the world. We’ve been actively monitoring this vulnerability, and have discovered a few different attacks targeting it….
ImageMagick is a popular software used to convert, edit and manipulate images. It has libraries for all common programming languages, including PHP, Python, Ruby and many others. It is also…
Read More about ImageMagick Remote Command Execution Vulnerability
Nov 2016 Update: If you need to clean your hacked Joomla site, we have released a new free guide to show you how to identify and remove hacks. Read the…
Read More about Critical 0-day Remote Command Execution Vulnerability in Joomla
**Update: CheckPoint disclosed more details here: Check Point Discovers Critical vBulletin 0-Day. The vBulletin team patched a serious object injection vulnerability yesterday, that can lead to full command execution on…
