A recently discovered vulnerability in a popular WordPress plugin is being actively exploited in attacks by hackers attempting to install backdoors on websites, inject custom code, and grant themselves admin rights.
Read more in my article on the Hot for Security blog.
More than 4000 websites, including many belonging to governments around the world, were hijacked this weekend by hackers who managed to plant Coinhive cryptocurrency-mining code designed to exploit the resources of visiting computers.
As many as 200,000 websites may have been running a WordPress plugin that allowed third parties to publish any content they wished on victims’ sites via a backdoor. Watch out for supply chain attacks that could impact your website…
Read more in my article on the Tripwire State of Security blog.
A serious vulnerability was found in one of the most popular WordPress plugins, and guess what?
It got fixed really quickly. :) All that remains is for you to apply the update on your web server.
Do you run WordPress on your website? Are you confident that your plugins are secure?
If your self-hosted WordPress website is using the TimThumb code, be warned that serious remote code execution vulnerability has been discovered that could allow malicious hackers to wreak havoc on your server.
Do you use the popular All in One SEO Pack plugin on your WordPress website?
If so, you need to update the plugin as soon as possible to the latest version.
Sell Hack, the controversial browser extension that promised to reveal LinkedIn users’ private email addresses has been shut down by its makers (at least temporarily) after they received a cease & desist order from the business networking site.
It sounds like a stalker’s or recruitment advisor’s wet dream, but there are good reasons to be wary of the “Sell Hack” tool that offers to reveal any LinkedIn user’s email address.