April 3, 2019

Shade Ransomware Campaign Compromises at Least 500 WordPress and Joomla Websites

2 min read - Security researchers discovered a hidden HTTP directory that is allowing threat actors to install Shade ransomware on WordPress and Joomla websites.

February 26, 2019

Highly Critical Drupal Vulnerability Could Expose Sites to RCE Attacks, Developers Warn

2 min read - By exploiting a critical Drupal vulnerability recently disclosed by developers, attackers could potentially take control of websites and servers built on the CMS.

November 20, 2018

WordPress Exploit in GDPR Plugin Puts 100,000 Websites at Risk

2 min read - Researchers discovered a WordPress Exploit in a plugin designed to help site owners comply with the GDPR that enables attackers to take control of admin accounts.

Application Security October 12, 2018

Is Your Site Protected Against Drupal Security Flaws?

2 min read - This past summer saw a pair of Drupal security flaws exposed and patched. Is your website secure?

Software Vulnerabilities October 10, 2018

Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers

4 min read - X-Force observed attackers using known Drupal vulnerabilities, including Drupalgeddon, to target websites and the underlying infrastructure that hosts them, leveraging Shellbot to open backdoors.

September 10, 2018

New WordPress Phishing Campaigns Target User Credentials

2 min read - Newly discovered phishing campaigns are targeting WordPress users with malicious emails designed to steal user credentials.

July 18, 2017

WordPress Sites at Risk From PHP Code Execution

2 min read - New attacks against unfinished installations of WordPress aim to give attackers admin access and the opportunity to run PHP code.

June 7, 2017

Project Shadowfall Helps Tackle RIG Exploit Kit

2 min read - RSA, in collaboration with major security firms and GoDaddy, has identified and eliminated many of the subdomains used in the RIG exploit kit.

Software Vulnerabilities May 30, 2017

Relying on Data to Mitigate the Risk of WordPress Website Hijacking

9 min read - To protect their WordPress sites from scammers, administrators must proactively patch and monitor their installations to weed out unwanted content.

May 15, 2017

Phony WordPress Domain Steals Cookies to Fool Web Admins

2 min read - Cybercriminals have been stealing cookies and using a fraudulent WordPress API to impersonate users and take control of victims' browsing sessions.