WordPress plugin suite hacked to push malware to thousands of sites
More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them. [...]
New WordPress malware disguised as a plugin gives attackers persistent access and injects malicious code enabling administrative control
Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. [...]
Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites
Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions
Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. [...]
The ClearFake campaign uses fake browser updates to lure victims and spread RedLine, Amadey, and Lumma stealers.
Threat actors have been observed serving malicious code by utilizing Binance's Smart Chain (BSC) contracts in what has been described as the "next level of bulletproof hosting." The campaign, detected two months ago, has been codenamed EtherHiding by Guardio Labs
A wide-ranging campaign to inject malicious code into WordPress-run websites has been ongoing for at least five years.
As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser
Security researchers have discovered a backdoor in a premium WordPress plugin built as a complete management solution for schools. The malicious code enables a threat actor to execute PHP code without authenticating. [...]