5 matches found
Law enforcement reels in phishing-as-a-service whopper
A major international law enforcement effort involving agencies from 19 countries has disrupted the notorious LabHost phishing-as-a-service platform. Europol reports that the organizations infrastructure has been compromised, its website shut down, and 37 suspects arrested, including four people ...
Adsense abused: 11,000 sites hacked in a backdoor attack
By Waqas All infected websites are using the WordPress CMS. This is a post from HackRead.com Read the original post: Adsense abused: 11,000 sites hacked in a backdoor attack...
YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites
As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues. The findings come from a new tool called YODA that aims to detect rogue WordPress plugins and trac...
XSS Vulnerability in NextScripts: Social Networks Auto-Poster Plugin Impacts 100,000 Sites
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 19, 2021, the Wordfence Threat Intelligence team began the disclosure process for a reflected Cross-Site ScriptingXSS vulnerability we found in...
Critical vulnerabilities found in WordPress plugin affecting 400,000 sites.
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Around 400,000 sites were affected by several critical vulnerabilitiesCVE-2021-34621, CVE-2021-34622, CVE-2021-34623, CVE-2021-34624 discovered in ProfilePress, a WordPress plugin. The vulnerabilities are easily exploitable...