Newsletter WordPress Plugin Opens Door to Site Takeover
An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites.
A threat actor that attempted to insert a backdoor into nearly a million WordPress-based sites in early May (and continued to try throughout the month) tried to grab WordPress configuration files of 1.3 million sites at the end of the same month. In b… Continue reading Attackers tried to grab WordPress configuration files from over a million sites
An attack over the weekend unsuccessfully targeted 1.3 million WordPress websites, in attempts to download their configuration files and harvest database credentials. Continue reading Attackers Target 1M+ WordPress Sites To Harvest Database Credentials
The FBI has issued a “flash alert” warning that hackers are planting Magecart-style credit card-skimming code on Magento-powered online stores running an out-of-date plugin. Continue reading FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin
In episode 121 for May 18th 2020: A new Thunderbolt flaw could let hackers steal your data in under five minutes, new vulnerabilities in a popular WordPress plugin, and details on why the US Senate just rejected a plan to require a warrant to obtain Am… Continue reading Thunderbolt Flaws, WordPress Plugin Vulnerabilities, Patriot Act Vote
Severe CSRF to XSS bugs open the door to code execution and complete website compromise. Continue reading WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover
A threat actor is actively trying to insert a backdoor into and compromise WordPress-based sites to redirect visitors to malvertising. “While our records show that this threat actor may have sent out a smaller volume of attacks in the past, it’s … Continue reading Nearly a million WordPress sites targeted in extensive attacks
A fresh module aims to compromise remote desktop accounts to access corporate resources. Continue reading TrickBot Trojan Adds RDP Brute-Forcing to Its Arsenal
Sonatype has an ongoing commitment to the Open Source community to keep software developers aware of the components in their applications (Bill of Materials/BOM) and any known vulnerabilities they may contain. We are constantly developing and rele… Continue reading New Sonatype Scan Gradle Plugin
Over 20,000 web servers (and who knows how many websites) have been compromised via trojanized WordPress themes to deliver malware through malicious ads, Prevailion researchers have discovered. The compromised servers are located across the globe and m… Continue reading Free trojanized WordPress themes lead to widespread compromise of web servers