threatpost.com :: Sites that use Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover.
threatpost.com :: An ongoing attack on websites has added new exploits and an administrative backdoor to its bag of tricks.
threatpost.com :: Multiple actors in multiple campaigns are using the web shell for remote access, even though it's almost a decade old and hasn't been updated.
threatpost.com :: Researchers warn users of several plugins to update as vulnerabilities are being actively exploited to redirect website visitor traffic.
threatpost.com :: A new type of malicious plugin has been spotted in the wild with the capability of targeting individual blog posts.
threatpost.com :: Standard email authentication to prevent spoofing and phishing remains elusive for most.
threatpost.com :: Attackers are hiding PHP scripts in EXIF headers of JPEG images to hack websites, just by uploading an image.
threatpost.com :: An ongoing malvertising campaign is exploiting WordPress plugin vulnerabilities to redirect website visitors to malicious pages.
threatpost.com :: A dropper called "Topinambour" is the first-stage implant, which in turn fetches a spy trojan built in several coding languages.
threatpost.com :: After media scrutiny, the collaboration service has decided to address the zero-day after initially dismissing its severity.
threatpost.com :: The vulnerability can be exploited on a drive-by basis by a malicious website.
threatpost.com :: A cross-site scripting vulnerability in WordPress plugin WP Statistics could have enabled full website takeover.
threatpost.com :: Hackers are stealing Instagram credentials through a tricky phishing scam that asks victims to apply for exclusive verified account status.
threatpost.com :: A Tiny Core Linux 9.0 image configured to run XMRig runs on a VM, rather than victim machines hosting the malware locally.
threatpost.com :: Researchers at Plugin Vulnerabilities cite grudge and irresponsibly disclose bugs in two WordPress plugins from Facebook.
threatpost.com :: A web spam campaign targeting Koreans is affecting non-hacked websites worldwide.
threatpost.com :: The vulnerable kits also offer a point of entry to compromise legitimate website servers.
threatpost.com :: Researchers are warning of flaws in two WordPress plugins - Slick Popup and WP Database Backup - including one that remains unpatched.
threatpost.com :: New .htaccess injector threat on Joomla and WordPress websites redirects to malicious websites.
threatpost.com :: After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued.
threatpost.com :: Revive Adserver patches two vulnerabilities, one of which may have been used to allow hackers to deliver malware to third-party websites.
threatpost.com :: Researchers are urging Oracle WebLogic users to update quickly - after new Muhstik botnet samples started targeting a critical flaw in the servers.
threatpost.com :: Yet another WordPress plugin vulnerability has put thousands of websites at risk.
threatpost.com :: More and more attacks taking advantage of a XSS and RCE bug in the popular plugin have cropped up in the wild.
threatpost.com :: Why many attack techniques can be reused – but organizations can't defend against them.
threatpost.com :: Yet another WordPress plugin, Yellow Pencil Visual Theme Customizer, is being exploited in the wild after two software vulnerabilities were discovered.
threatpost.com :: A vulnerability in the Yuzo Related Posts WordPress plugin, used by 60,000 websites, is being exploited in the wild.
threatpost.com :: MacOS users, as well as Windows users, are in the cross-hairs, especially those based in South Korea.