FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin

The FBI has issued a “flash alert” warning that hackers are planting Magecart-style credit card-skimming code on Magento-powered online stores running an out-of-date plugin.

WordPress sites hacked through defunct Rich Reviews plugin

An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and–worst of all–malware designed to infect users’ computers.

Read more in my article on the Tripwire State of Security blog.

Hackers target critical WordPress plugin flaw to install backdoors and create admin accounts

A recently discovered vulnerability in a popular WordPress plugin is being actively exploited in attacks by hackers attempting to install backdoors on websites, inject custom code, and grant themselves admin rights.

Read more in my article on the Hot for Security blog.

Government websites hijacked by cryptomining plugin

More than 4000 websites, including many belonging to governments around the world, were hijacked this weekend by hackers who managed to plant Coinhive cryptocurrency-mining code designed to exploit the resources of visiting computers.

Poisoned plugin allowed hackers to post spammy content on up to 200,000 WordPress websites

As many as 200,000 websites may have been running a WordPress plugin that allowed third parties to publish any content they wished on victims’ sites via a backdoor. Watch out for supply chain attacks that could impact your website…

Read more in my article on the Tripwire State of Security blog.

Run WordPress SEO by Yoast on your website? You need to update it

A serious vulnerability was found in one of the most popular WordPress plugins, and guess what?

It got fixed really quickly. :) All that remains is for you to apply the update on your web server.

SoakSoak malware hits over 100,000 WordPress websites

Do you run WordPress on your website? Are you confident that your plugins are secure?

TimThumb plugin Webshot zero-day uncovered, WordPress websites at risk

If your self-hosted WordPress website is using the TimThumb code, be warned that a serious remote code execution vulnerability has been discovered that could allow malicious hackers to wreak havoc on your server.

Serious security hole found in SEO plugin used by millions of WordPress users. Update now

Do you use the popular All in One SEO Pack plugin on your WordPress website?

If so, you need to update the plugin as soon as possible to the latest version.

Sell Hack, the controversial plugin that offered to uncover LinkedIn email addresses, shuts down for now

Sell Hack, the controversial browser extension that promised to reveal LinkedIn users’ private email addresses, has been shut down by its makers (at least temporarily) after they received a cease & desist order from the business networking site.

LinkedIn warns of Sell Hack browser plugin that claims to reveal hidden email addresses

It sounds like a stalker’s or recruitment advisor’s wet dream, but there are good reasons to be wary of the “Sell Hack” tool that offers to reveal any LinkedIn user’s email address.

Mozilla admits Firefox add-ons contained Trojan code

Read more in my article at Naked Security.