Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the "mu-plugins" directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions. Must-use plugins aka mu-plugins are special plugins that are automatically activate...

WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites

Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. The campaign, observed by Sucuri on May 11, 2024, entails the abuse of a WordPress plugin called Dessky Snippets, which...

Up to 30X Faster PHP Malware Scans with Wordfence CLI 4.0.1

Most of our customers scan a single site or a small number of sites for PHP malware using the Wordfence Plugin, and they coordinate scanning across multiple sites with Wordfence Central. If you are responsible for securing a large hosting provider network as part of an operations or security team...

New PHP-based Ducktail infostealer is now after crypto wallets

A phishing campaign known to specifically target employees with access to their company's Facebook Business and Ads accounts has significantly widened its net and begun using a first-of-its-kind information-stealing malware to go after crypto wallets. The Ducktail Woo-ooh! campaign was first made...

Php-Malware-Finder - Detect Potentially Malicious PHP Files

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells. The following list of encoders/obfuscators/webshells are also detected: Bantam Best PHP Obfuscator Carbylamine Cipher Design Cyklodev Joes Web Tools...

ShopEx 最新版后台getshell

简要描述： 最新版shopex-single-4.8.5.81518 后台某处设计缺陷，可以绕过限制，导致可以操作任意文件，最终getshell。 详细说明： 现在流传的拿shell的方法好像都失效了，最新版的getshell。 在后台页面管理——模版列表——模板文件管理中，编辑任意文件： 然后在文件的内容中写入php木马，然后保存，截包： 在修改截获的数据包，修改name的值为php后缀的，这里直接输入php后缀是不行的，可以使用%00绕过： 保存成功。模板文件列表中已经生产了xiaoma.php文件。 最后连接一下：...

MYPHP 4.0 企业建站系统上传漏洞

未能很好的过滤上传文件扩展而引起的上传漏洞 /adminc/downupload.php ====================================================================================== $downtype=".doc|.zip|.rar|.gif|.jpg|.jpeg|.png|.xls|.pdf|.ppt|.exe"; if !strstr$downtype, $imgtypetype echo "span class=txt请上传".$downtype."类型文件/span"; exit;...