website security

Backdoor Lurks Behind WordPress Caching Plugin to Hijack Websites

by

October 12, 2023 at 10:38AM Researchers have discovered a sophisticated malware hidden within an authentic-looking WordPress caching plugin. This malware can create admin accounts and remotely activate plugins, giving threat actors complete control over infected websites. The malware can be difficult to detect and has features like conditional content filtering and file modification capabilities. WordPress … Read more

October 10, 2023 at 06:06AM – New Magecart Campaign Alters 404 Error Pages to Steal Shoppers’ Credit Cards

by

October 10, 2023 at 06:06AM A new Magecart campaign is using websites’ 404 error pages to conceal malicious code, according to security researcher Roman Lvovsky. The campaign targets Magento and WooCommerce websites, inserting the code directly into HTML pages and scripts. The attacks use a multi-stage process to capture and exfiltrate visitor data on checkout … Read more