Web Shells: Types, Mitigation & Removal

Web shells are malicious scripts that give attackers persistent access to compromised web servers, enabling them to execute commands and control the server remotely. These scripts exploit vulnerabilities like SQL injection, remote file inclusion (RFI), and cross-site scripting (XSS) to gain entry. Once deployed, web shells allow attackers to manipulate the server, leading to data […]

Magento Shoplift: Ecommerce Malware Targets Both WordPress & Magento CMS

We often write about malware that steals payment information from sites built with Magento and other types of e-commerce CMS. However, WordPress has become a massive player in ecommerce as well, thanks to the adoption of Woocommerce and other plugins that can easily turn a WordPress site into a fully-featured online store. This popularity also […]

WordPress Vulnerability & Patch Roundup March 2024

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]

Sucuri WordPress Plugin Updates for 2024

At Sucuri, we believe in making the internet safe for everyone. One way we show this is through our free WordPress security plugin. The Sucuri WordPress plugin is available for download in the WordPress repository. It comes with a range of security features, including WordPress hardening, malware scanning, core integrity check, post-hack features and email […]

New Malware Campaign Found Exploiting Stored XSS in Popup Builder < 4.2.3

<img width="560" height="263" src="https://blog.sucuri.net/wp-content/uploads/2023/01/BlogPost_Feature-Image_1490x700_Is-WordPress-Secure–560×263.png" alt="New Malware Campaign Found Exploiting Stored XSS in Popup Builder In January, my colleague reported about a new Balada Injector campaign found exploiting a recent vulnerability in the widely-used Popup Builder WordPress plugin which was initially disclosed back in November, 2023 by Marc Montpas. In the past three weeks, we’ve started […]

From Web3 Drainer to Distributed WordPress Brute Force Attack

Two weeks ago we discussed a new development in website hacks: Web3 crypto wallet drainers. We’ve been closely following the most significant variant which injects drainers using the external cachingjs/turboturbo.js script. Our SiteCheck website scanner has already detected this version on over 1,200 sites since the beginning of February, 2024. Since our last post, this […]

New Wave of SocGholish Infections Impersonates WordPress Plugins

SocGholish malware, otherwise known as “fake browser updates”, is one of the most common types of malware infections that we see on hacked websites. This long-standing malware campaign leverages a JavaScript malware framework that has been in use since at least 2017. The malware attempts to trick unsuspecting users into downloading what is actually a […]

WordPress Vulnerability & Patch Roundup February 2024

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]