Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source – subscribe here!

Please turn on your JavaScript for this page to function normally.
backdoor
Compromised plugins found on WordPress.org

An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them …

fake
Researchers warn of increased malware delivery via fake browser updates

ClearFake, a recently documented threat leveraging compromised WordPress sites to push malicious fake browser updates, is likely operated by the threat group behind the …

Help Net Security
AI Spera launches Criminal IP FDS plugin to prevent fraudulent login attempts on WordPress

Criminal IP, an OSINT-based search engine provided by AI Spera, launched a new WordPress plugin called Anti-Brute Force, Login Fraud Detector, also known as Criminal IP FDS …

hand
Fake DDoS protection pages are delivering malware!

Malware peddlers are exploiting users’ familiarity with and inherent trust in DDoS protection pages to make them download and run malware on their computer, Sucuri …

account
Account pre-hijacking attacks possible on many online services

Online accounts getting hijacked and misused is an everyday occurrence, but did you know that account pre-hijacking attacks are also possible? Inspired by previous research on …

Secure your CMS-based websites against pervasive attacks

Sucuri Security’s 2021 Website Threat Research Report has revealed that payment card skimmers are becoming more common in exploit kits affecting WordPress websites, and …

ecommerce
CMS-based sites under attack: The latest threats and trends

Payment card skimmers are becoming more common in exploit kits affecting WordPress websites and attackers are spending more time customizing them to avoid detection, …

online shopping
Small businesses urged to protect their customers from card skimming

With Black Friday and Cyber Monday quickly approaching, the UK National Cyber Security Centre (NCSC) is urging small online shops to protect their customers from card skimming …

GoDaddy
GoDaddy breach: SSL keys, sFTP, database passwords of WordPress customers exposed

GoDaddy, the popular internet domain registrar and web hosting company, has suffered a data breach that affected over a million of their Managed WordPress customers. What …

WordPress
Securing your WordPress website against ransomware attacks

It’s no surprise to anyone who works in security that there’s been an explosion in ransomware incidents over the last two years, costing companies across various industries …

LoginID SDK empowers developers to integrate FIDO strong authentication into their websites or apps

LoginID announced additional SDK options for developers. These SDKs empower developers to integrate FIDO strong authentication into their websites or apps. A recent PYMNTS …

Hand
Why XSS is still an XXL issue in 2021

Cross-site scripting (XSS) attacks take advantage of coding flaws in the way websites or web applications generate input from users. Despite their longstanding reputation as a …

Don't miss

Cybersecurity news