'Lorem Ipsum' Malware Pivots to ClickFix Delivery
New analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and data extortion group Vice Society.
WordPress is a content management platform whose core, plugins, and themes can contain vulnerabilities that expose websites, accounts, and data.
Search across headline titles and summaries.
Background for this topic.
WordPress is an open-source content management system (CMS) used to publish and manage websites. A site typically combines WordPress core with independently developed plugins and themes, which extend functionality but create a diverse and changing software supply chain. Its security therefore depends not only on the core software, but also on the quality, maintenance, and configuration of those extensions.
Security-relevant issues include exploitable vulnerabilities in core, plugins, or themes; weak or reused administrator credentials; and exposed or poorly configured administrative and API interfaces. Attackers may use these paths to alter content, install malicious code, or access site data. Administrators should track advisories and affected versions, apply updates through a controlled process, remove unsupported extensions, enforce strong authentication and least privilege, and keep protected, tested backups. Monitoring and log review help identify unauthorized changes and support recovery when compromise is suspected.
Weekly headline count for the current query.
New analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and data extortion group Vice Society.
MITRE loses its lead as the top reporter of vulnerabilities, while new organizations pump out CVEs and reported bugs in WordPress plug-ins surge.
Attackers are already targeting a vulnerability in the Post SMTP plugin that allows them to fully compromise an account and website for nefarious purposes.
Vulnerable and malicious plug-ins are giving threat actors the ability to compromise WordPress sites and use them as a springboard to a variety of cyber threats and scams.
A massive cybercrime network known as "VexTrio" is using thousands of compromised WordPress sites to funnel traffic through a complex redirection scheme.
The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites.
A vulnerability found in the Really Simple Security plug-in allows an attacker to remotely gain access to any account on an affected website, including the administrator, when 2FA is enabled.
GoDaddy flagged a ClickFix campaign that infected 6,000 sites in a one-day period, with attackers using stolen admin credentials to distribute malware.
WordPress moves could have security implications for sites using Advanced Custom Fields plug-in.
The popular LiteSpeed Cache plug-in is vulnerable to unauthenticated privilege escalation via a dangerous XSS flaw.
Injected malicious JavaScript code gives attackers administrator rights on websites, and fills sites with SEO spam.
A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.
Nearly 200K WordPress sites could be vulnerable to the attack thanks to CVE-2023-6000, lurking in the PopUp Builder plug-in.
Attackers can inject and execute arbitrary PHP code using a flaw in Backup Migration, which has been downloaded more than 90K times.
A faux security alert purports to provide a fix for an RCE flaw, but instead creates a user with admin privileges and spreads a backdoor to infected sites.
The ClearFake campaign uses fake browser updates to lure victims and spread RedLine, Amadey, and Lumma stealers.
Evasive malware disguised as a caching plugin allows attackers to create an admin account on a WordPress site, then take over and monetize sites at the expense of legitimate SEO and user privacy.
This Tech Tip outlines seven easy fixes small and midsize businesses can use to prevent the seven most common WordPress vulnerabilities.
Abandoned sites — like Wordpress — are easy to break into, offer a legitimate looking cover, and can remain active for longer than average.
In addition to injecting a card skimmer into target Magento, WooCommerce, Shopify, and WordPress sites, the the threat actor is also hijacking targeted domains to deliver the malware to other sites.