WordPress
Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322)
A critical vulnerability (CVE-2025-4322) in Motors, a WordPress theme popular with car/motor dealerships and rental services, can be easily exploited by unauthenticated …
MUT-1244 targeting security researchers, red teamers, and threat actors
A threat actor tracked as MUT-1244 by DataDog researchers has been targeting academics, pentesters, red teamers, security researchers, as well as other threat actors, in order …
Compromised plugins found on WordPress.org
An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them …
Researchers warn of increased malware delivery via fake browser updates
ClearFake, a recently documented threat leveraging compromised WordPress sites to push malicious fake browser updates, is likely operated by the threat group behind the …
AI Spera launches Criminal IP FDS plugin to prevent fraudulent login attempts on WordPress
Criminal IP, an OSINT-based search engine provided by AI Spera, launched a new WordPress plugin called Anti-Brute Force, Login Fraud Detector, also known as Criminal IP FDS …
Fake DDoS protection pages are delivering malware!
Malware peddlers are exploiting users’ familiarity with and inherent trust in DDoS protection pages to make them download and run malware on their computer, Sucuri …
Account pre-hijacking attacks possible on many online services
Online accounts getting hijacked and misused is an everyday occurrence, but did you know that account pre-hijacking attacks are also possible? Inspired by previous research on …
Secure your CMS-based websites against pervasive attacks
Sucuri Security’s 2021 Website Threat Research Report has revealed that payment card skimmers are becoming more common in exploit kits affecting WordPress websites, and …
CMS-based sites under attack: The latest threats and trends
Payment card skimmers are becoming more common in exploit kits affecting WordPress websites and attackers are spending more time customizing them to avoid detection, …
Small businesses urged to protect their customers from card skimming
With Black Friday and Cyber Monday quickly approaching, the UK National Cyber Security Centre (NCSC) is urging small online shops to protect their customers from card skimming …
GoDaddy breach: SSL keys, sFTP, database passwords of WordPress customers exposed
GoDaddy, the popular internet domain registrar and web hosting company, has suffered a data breach that affected over a million of their Managed WordPress customers. What …
Securing your WordPress website against ransomware attacks
It’s no surprise to anyone who works in security that there’s been an explosion in ransomware incidents over the last two years, costing companies across various industries …
Featured news
Resources
Don't miss
- Why we must go beyond tooling and CVEs to illuminate security blind spots
- Making security and development co-owners of DevSecOps
- Review: Passwork 7.0, self-hosted password manager for business
- What a mature OT security program looks like in practice
- Machine unlearning gets a practical privacy upgrade