WordPress security Archives - GBHackers Security | #1 Globally Trusted Cyber Security News Platform

ClickFix Malware Infect Website Visitors Via Hacked WordPress Websites

Aman Mishra — Tue, 29 Oct 2024 08:53:46 +0000

Researchers have identified a new variant of the ClickFix fake browser update malware distributed through malicious WordPress plugins. These plugins, disguised as legitimate tools, inject malicious JavaScript code into compromised websites, tricking users into installing malware. The malware uses blockchain technology to obtain malicious payloads, exploiting social engineering tactics to deceive victims. Over 6,000 websites […]

The post ClickFix Malware Infect Website Visitors Via Hacked WordPress Websites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

SocGholish Malware Attacking Windows Users Using Fake Browser Update

Tushar Subhra — Tue, 30 Jul 2024 11:27:28 +0000

The SocGholish downloader has been in operation since 2017 and it is still evolving. This malware, which poses as a browser update, is favored by multiple threat groups such as the Russian-operated Evil Corp (Manatee Tempest) and the Initial Access Broker TA569 (Mustard Tempest). In recent times, it is seen that the malware now specifically […]

The post SocGholish Malware Attacking Windows Users Using Fake Browser Update appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mal.Metrica Malware Hijacks 17,000+ WordPress Sites

Gurubaran — Fri, 03 May 2024 13:34:57 +0000

Infected websites mimic legitimate human verification prompts (CAPTCHAs) to trick users, who often request seemingly innocuous clicks, resembling past CAPTCHA challenges. Clicking initiates a malicious redirect, exposing users to scams or malware exploiting user familiarity with CAPTCHAs, bypassing suspicion, and increasing the click-through rate for fraudulent purposes. Attackers are using a novel technique to redirect […]

The post Mal.Metrica Malware Hijacks 17,000+ WordPress Sites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Sign1 Malware Hijacked 39,000 WordPress Websites

Eswar — Sun, 24 Mar 2024 05:30:57 +0000

A client’s website was experiencing random pop-ups as server side scanner logs revealed a JavaScript injection related to Sign1, which is a malware campaign that targets websites and has infected over 2,500 websites in the past two months and uses challenging techniques to evade detection. Daily server-side scans are crucial to detect changes like new […]

The post Sign1 Malware Hijacked 39,000 WordPress Websites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

WordPress Builder Plugin Flaw Exposes 3,300+ Websites To XSS Attack

Gurubaran — Mon, 11 Mar 2024 14:21:36 +0000

A recent surge in attacks from a new malware campaign exploits a known vulnerability in the WordPress plugin Popup Builder, infecting over 3,300 websites with XSS attacks. A recent Balada Injector campaign discovered in January exploited a cross-site scripting (XSS) vulnerability tracked as CVE-2023-6000 with a CVSS base score of 8.8. According to Sucuri, they have noticed an […]

The post WordPress Builder Plugin Flaw Exposes 3,300+ Websites To XSS Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hacked WordPress Sites Using Visitors’ Browsers For Distributed Brute Force Attacks

Gurubaran — Thu, 07 Mar 2024 11:25:56 +0000

Researchers recently uncovered distributed brute force attacks on target WordPress websites using the browsers of innocent site visitors. A recent increase in website hacking that targets Web3 and cryptocurrency assets was noticed two weeks ago. With the use of cryptocurrency drainers, this malware, which spreads among several campaigns, steals assets from compromised wallets and redistributes them. According to Sucuri […]

The post Hacked WordPress Sites Using Visitors’ Browsers For Distributed Brute Force Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

100,000 WordPress Sites Impacted with Cross-Site Scripting(XSS) Flaw

Gurubaran — Fri, 10 Jul 2020 09:26:10 +0000

KingComposer, a WordPress plugin found installed with over 100,000 WordPress sites found vulnerable to Reflected Cross-Site Scripting. The vulnerability was found by the Wordfence security team with KingComposer Drag and Drop page building plugin. The vulnerability can be exploited by the attacker tricking the victim into clicking a malicious link, which sends the victim to […]

The post 100,000 WordPress Sites Impacted with Cross-Site Scripting(XSS) Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Massive Hacking Campaign Targets WordPress Websites to Steal Database Credentials

Gurubaran — Thu, 04 Jun 2020 13:46:48 +0000

Cybercriminals launched more than 130 million attacks aiming to harvest database credentials from 1.3 million WordPress sites. In this massive attack campaign, cybercriminals used several plugin and theme vulnerabilities across the WordPress ecosystem. Security researchers from Wordfence observed the attack, the peak of the attack occurred on May 30, 2020. Campaign Linked to Previous Researchers […]

The post Massive Hacking Campaign Targets WordPress Websites to Steal Database Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Critical RCE Bug in WordPress Plugin Let Hackers Gain Admin Access on 200,000 Websites

Balaji — Wed, 01 Apr 2020 07:11:57 +0000

Researchers from Wordfence uncovered two RCE vulnerabilities in WordPress SEO plugin called Rank Math let hackers hijack nearly 200,000 vulnerable Websites and gain remote access. Rank Math is an SEO plugin for WordPress and it gives various SEO features such as Setup Wizard, Google Schema Markup, Optimizes Unlimited Keywords with 200,000 active installations. The first […]

The post Critical RCE Bug in WordPress Plugin Let Hackers Gain Admin Access on 200,000 Websites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

WordPress 5.3.1 Released – Several Security Vulnerabilities Are Fixed – Update Now

Balaji — Sat, 14 Dec 2019 06:49:46 +0000

WordPress 5.3.1 released with security and maintenance based updates with 46 fixes and enhancements. There are 4 security vulnerabilities fixed in this update that affects WordPress versions 5.3 and earlier. WordPress announced that the WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4. There are several maintenance updates are released […]

The post WordPress 5.3.1 Released – Several Security Vulnerabilities Are Fixed – Update Now appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.