New attacks against unfinished installations of WordPress aim to give attackers admin access and the opportunity to run PHP code.
RSA, in collaboration with major security firms and GoDaddy, has identified and eliminated many of the subdomains used in the RIG exploit kit.
To protect their WordPress sites from scammers, administrators must proactively patch and monitor their installations to weed out unwanted content.
Cybercriminals have been stealing cookies and using a fraudulent WordPress API to impersonate users and take control of victims' browsing sessions.
Starting with the release of version 7.2 at the end of this year, the core of PHP will use Libsodium by default for routine cryptographical operations.
Security specialists have unearthed three PHP vulnerabilities that could have had serious consequences for organizations and consumers alike.
IBM X-Force researchers have noted a dramatic increase in the use of malicious webshell attacks throughout the first half of 2016.
A recent threat report from Symantec found that zero-day vulnerabilities were found about once a week in 2015, representing a big increase from 2014.
IBM MSS X-Force researchers found that C99 webshell attacks are increasing, particularly against content management systems such as WordPress.
Drupal 6 hit its end-of-life mark, meaning the service is now unsupported. Users may be vulnerable to exploits by cybercriminals.