Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy’s Sucuri, “leverages all known and recently discovered theme and plugin vulnerabilities” to breach WordPress sites. The attacks are known to play out in waves once every few […]
Cybersecurity researchers from Malwarebytes have discovered a number of WordPress(opens in new tab) websites that were compromised and infected with a malicious plugin that quietly generates ad traffic. In a blog post(opens in new tab) detailing their findings, it was said that a “few dozen” WordPress websites were breached, and whoever was behind the attack […]
A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of the targeted systems. “This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ‘:::trim:::’ to split data communicated to and […]
Latest Comments