Security researchers discovered a hidden HTTP directory that is allowing threat actors to install Shade ransomware on WordPress and Joomla websites.
By exploiting a critical Drupal vulnerability recently disclosed by developers, attackers could potentially take control of websites and servers built on the CMS.
Researchers discovered a WordPress Exploit in a plugin designed to help site owners comply with the GDPR that enables attackers to take control of admin accounts.
This past summer saw a pair of Drupal security flaws exposed and patched. Is your website secure?
X-Force observed attackers using known Drupal vulnerabilities, including Drupalgeddon, to target websites and the underlying infrastructure that hosts them, leveraging Shellbot to open backdoors.
Newly discovered phishing campaigns are targeting WordPress users with malicious emails designed to steal user credentials.
New attacks against unfinished installations of WordPress aim to give attackers admin access and the opportunity to run PHP code.
RSA, in collaboration with major security firms and GoDaddy, has identified and eliminated many of the subdomains used in the RIG exploit kit.
To protect their WordPress sites from scammers, administrators must proactively patch and monitor their installations to weed out unwanted content.
Cybercriminals have been stealing cookies and using a fraudulent WordPress API to impersonate users and take control of victims' browsing sessions.