Some attackers are increasingly moving away from simple redirects in favor of more “selective” methods of payload delivery. This approach filters out regular human visitors, allowing attackers to serve malicious content to search engine crawlers while remaining invisible to the website owner. What did we find? During a malware investigation, we identified a selective content […]
Archive by Author
Google Sees Spam, You See Your Site: A Cloaked SEO Spam Attack
We recently handled a case where a customer reported strange SEO behavior on their website. Regular visitors saw a normal site. No popups. No redirects. No visible spam. However, when they checked their site on Google, the search results were flooded with eBay-type-looking websites and “Situs Toto” gambling spam. This is a professional-grade SEO cloaking […]
Fake Browser Updates Targeting WordPress Administrators via Malicious Plugin
We recently investigated a case involving a WordPress website where a customer reported persistent fake pop-up notifications appearing on their site. The warnings were urging them to update their browser (Chrome or Firefox), even though their software was already fully up-to-date. What made this case particularly unique was the targeting. The fake alerts were not […]
Vulnerability & Patch Roundup — December 2025
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
How to Protect Your Site From Content Sniffing with HTTP Security Headers
Ever had a perfectly “safe” page or file turn into an attack vector out of nowhere? That can happen when browsers start guessing what your content is instead of listening to your server. Browsers sometimes try to figure out what kind of file they’re dealing with if the server doesn’t provide the Content-Type header or […]
How to Run a Security Test and Set Up Continuous Monitoring
Many website owners follow a similar “security plan,” even if they don’t call it that. They launch the site, add a couple of plugins, and just hope nothing goes wrong. The issue is that modern website hacks don’t make themselves obvious. Instead, they show up as small signs, like a redirect that only affects mobile […]
How to Protect Your WordPress Site From a Phishing Attack
If you run a website, manage a business inbox, or even just use online banking, you’ve already lived in the phishing era for a long time. The only thing that’s changed is the polish. Phishing scams have moved past those obviously fake “please verify” requests to include convincing login pages, realistic invoices, and even bogus […]
WordPress Auto-Login Backdoor Disguised as JavaScript Data File
During a recent investigation, we discovered a sophisticated WordPress backdoor hidden in what appears to be a JavaScript data file. This malware automatically logs attackers into administrator accounts without requiring any credentials. In September, we published an article showcasing another WordPress backdoor that creates admin accounts. This new variant takes a different approach by hijacking […]
Vulnerability & Patch Roundup — November 2025
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
A Beginner’s Guide to the CVE Database
Keeping websites and applications secure starts with knowing which vulnerabilities exist, how severe they are, and whether they affect your stack. That’s exactly where the CVE program shines. Below, we’ll cover some CVE fundamentals, including what they are, how to search and understand the data, and how to translate this information into actionable steps. Introduction […]
