plugin

bitdefender.com

Hackers target critical WordPress plugin flaw to install backdoors and create admin accounts

A recently discovered vulnerability in a popular WordPress plugin is being actively exploited in attacks by hackers attempting to install backdoors on websites, inject custom code, and grant themselves admin rights.

Read more in my article on the Hot for Security blog.


0 sec read

Government websites hijacked by cryptomining plugin

More than 4000 websites, including many belonging to governments around the world, were hijacked this weekend by hackers who managed to plant Coinhive cryptocurrency-mining code designed to exploit the resources of visiting computers.


1 min read

tripwire.com

Poisoned plugin allowed hackers to post spammy content on up to 200,000 WordPress websites

As many as 200,000 websites may have been running a WordPress plugin that allowed third parties to publish any content they wished on victims’ sites via a backdoor. Watch out for supply chain attacks that could impact your website…

Read more in my article on the Tripwire State of Security blog.


0 sec read

Run WordPress SEO by Yoast on your website? You need to update it

A serious vulnerability was found in one of the most popular WordPress plugins, and guess what?

It got fixed really quickly. :) All that remains is for you to apply the update on your web server.


1 min read

SoakSoak malware hits over 100,000 WordPress websites

Do you run WordPress on your website? Are you confident that your plugins are secure?


1 min read

TimThumb plugin Webshot zero-day uncovered, WordPress websites at risk

If your self-hosted WordPress website is using the TimThumb code, be warned that serious remote code execution vulnerability has been discovered that could allow malicious hackers to wreak havoc on your server.


1 min read

Serious security hole found in SEO plugin used by millions of WordPress users. Update now

Do you use the popular All in One SEO Pack plugin on your WordPress website?

If so, you need to update the plugin as soon as possible to the latest version.


1 min read

Sell Hack, the controversial plugin that offered to uncover LinkedIn email addresses, shuts down for now

Sell Hack, the controversial browser extension that promised to reveal LinkedIn users’ private email addresses has been shut down by its makers (at least temporarily) after they received a cease & desist order from the business networking site.


1 min read

LinkedIn warns of Sell Hack browser plugin that claims to reveal hidden email addresses

It sounds like a stalker’s or recruitment advisor’s wet dream, but there are good reasons to be wary of the “Sell Hack” tool that offers to reveal any LinkedIn user’s email address.


2 min read

Mozilla admits Firefox add-ons contained Trojan code

Read more in my article at Naked Security.


1 sec read