Wordpress Archives - GBHackers Security | #1 Globally Trusted Cyber Security News Platform

ClickFix Malware Infect Website Visitors Via Hacked WordPress Websites

Aman Mishra — Tue, 29 Oct 2024 08:53:46 +0000

Researchers have identified a new variant of the ClickFix fake browser update malware distributed through malicious WordPress plugins. These plugins, disguised as legitimate tools, inject malicious JavaScript code into compromised websites, tricking users into installing malware. The malware uses blockchain technology to obtain malicious payloads, exploiting social engineering tactics to deceive victims. Over 6,000 websites […]

The post ClickFix Malware Infect Website Visitors Via Hacked WordPress Websites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Unauthenticated RCE in WordPress Plugin Exposes 100,000 WordPress Sites

Divya — Tue, 20 Aug 2024 08:24:18 +0000

A critical vulnerability has been discovered in the GiveWP plugin, a popular WordPress donation and fundraising platform. This vulnerability, CVE-2024-5932, exposes over 100,000 WordPress sites to potential remote code execution (RCE) attacks. The vulnerability was responsibly disclosed by a security researcher named villu164 through the Wordfence Bug Bounty Program. CVE-2024-5932 – The Vulnerability Explained PHP […]

The post Unauthenticated RCE in WordPress Plugin Exposes 100,000 WordPress Sites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers Actively Exploiting WordPress Plugin Arbitrary File Upload Vulnerability

Divya — Fri, 02 Aug 2024 08:30:42 +0000

Hackers have been actively exploiting a critical vulnerability in the WordPress plugin 简数采集器 (Keydatas). The vulnerability, CVE-2024-6220, allows unauthenticated threat actors to upload arbitrary files to a vulnerable site, potentially leading to remote code execution and complete site takeover. This alarming development underscores the importance of maintaining updated plugins and robust security measures. Discovery and […]

The post Hackers Actively Exploiting WordPress Plugin Arbitrary File Upload Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

SocGholish Malware Attacking Windows Users Using Fake Browser Update

Tushar Subhra — Tue, 30 Jul 2024 11:27:28 +0000

The SocGholish downloader has been in operation since 2017 and it is still evolving. This malware, which poses as a browser update, is favored by multiple threat groups such as the Russian-operated Evil Corp (Manatee Tempest) and the Initial Access Broker TA569 (Mustard Tempest). In recent times, it is seen that the malware now specifically […]

The post SocGholish Malware Attacking Windows Users Using Fake Browser Update appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers Exploit Multiple WordPress Plugins to Hack Websites & Create Rogue Admin Accounts

Divya — Tue, 25 Jun 2024 09:34:04 +0000

Wordfence Threat Intelligence team identified a significant security breach involving multiple WordPress plugins. The initial discovery was made when the team found that the Social Warfare plugin had been injected with malicious code on June 22nd, 2024. This discovery was based on a forum post by the WordPress.org Plugin Review team. Upon further investigation, Wordfence […]

The post Hackers Exploit Multiple WordPress Plugins to Hack Websites & Create Rogue Admin Accounts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mal.Metrica Malware Hijacks 17,000+ WordPress Sites

Gurubaran — Fri, 03 May 2024 13:34:57 +0000

Infected websites mimic legitimate human verification prompts (CAPTCHAs) to trick users, who often request seemingly innocuous clicks, resembling past CAPTCHA challenges. Clicking initiates a malicious redirect, exposing users to scams or malware exploiting user familiarity with CAPTCHAs, bypassing suspicion, and increasing the click-through rate for fraudulent purposes. Attackers are using a novel technique to redirect […]

The post Mal.Metrica Malware Hijacks 17,000+ WordPress Sites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Sign1 Malware Hijacked 39,000 WordPress Websites

Eswar — Sun, 24 Mar 2024 05:30:57 +0000

A client’s website was experiencing random pop-ups as server side scanner logs revealed a JavaScript injection related to Sign1, which is a malware campaign that targets websites and has infected over 2,500 websites in the past two months and uses challenging techniques to evade detection. Daily server-side scans are crucial to detect changes like new […]

The post Sign1 Malware Hijacked 39,000 WordPress Websites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Discontinued WordPress Plugin Flaw Exposes Websites to Cyber Attacks

Divya — Mon, 18 Mar 2024 10:59:47 +0000

A critical vulnerability was discovered in two plugins developed by miniOrange. The affected plugins, miniOrange’s Malware Scanner and Web Application Firewall, contained a severe privilege escalation flaw that could allow unauthenticated attackers to gain administrative access to WordPress sites. This discovery underscores website administrators’ ongoing risks and challenges in securing their digital assets against sophisticated […]

The post Discontinued WordPress Plugin Flaw Exposes Websites to Cyber Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hacked WordPress Sites Using Visitors’ Browsers For Distributed Brute Force Attacks

Gurubaran — Thu, 07 Mar 2024 11:25:56 +0000

Researchers recently uncovered distributed brute force attacks on target WordPress websites using the browsers of innocent site visitors. A recent increase in website hacking that targets Web3 and cryptocurrency assets was noticed two weeks ago. With the use of cryptocurrency drainers, this malware, which spreads among several campaigns, steals assets from compromised wallets and redistributes them. According to Sucuri […]

The post Hacked WordPress Sites Using Visitors’ Browsers For Distributed Brute Force Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers Exploit WordPress Plugin Flaw to Deploy Godzilla Web Shell

Gurubaran — Wed, 06 Mar 2024 06:02:59 +0000

Hackers have been found exploiting a vulnerability in a WordPress Plugin 3DPrint Lite(CVE-2021-4436) to deploy the notorious Godzilla Web Shell. This malicious activity significantly threatens website security and data integrity, prompting concerns among cybersecurity experts and website administrators worldwide. Cybercriminals commonly exploit vulnerabilities in popular software, such as WordPress plugins, to gain unauthorized access to […]

The post Hackers Exploit WordPress Plugin Flaw to Deploy Godzilla Web Shell appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.