#SucuriReport

Massive Sign1 Campaign Infects 39,000+ WordPress Sites with Scam Redirects

by

March 22, 2024 at 08:33AM The Sign1 malware campaign has compromised 39,000 WordPress sites in six months, using malicious JavaScript injections to redirect users to scam sites. The recent variant infected 2,500 sites in the last two months alone. The campaign employs rogue JavaScript injected into legitimate HTML widgets and plugins, with time-based randomization to … Read more

Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware

by

March 10, 2024 at 11:42AM Hackers are exploiting an XSS vulnerability in outdated Popup Builder plugin versions, infecting over 3,300 WordPress sites with malicious code. A new campaign targeting the same vulnerability has seen a notable uptick, with Sucuri reporting 1,170 infections. To defend against these attacks, users are advised to upgrade to Popup Builder … Read more