With its latest update, WordPress patched a vulnerability that could enable malicious plugin and theme developers to execute SQL injection attacks.
Approximately 200,000 websites running WordPress have been affected by a malware attack that used the Display Widgets plug-in to collect IP addresses.
New attacks against unfinished installations of WordPress aim to give attackers admin access and the opportunity to run PHP code.
To protect their WordPress sites from scammers, administrators must proactively patch and monitor their installations to weed out unwanted content.
Cybercriminals have been stealing cookies and using a fraudulent WordPress API to impersonate users and take control of victims' browsing sessions.
Starting with the release of version 7.2 at the end of this year, the core of PHP will use Libsodium by default for routine cryptographical operations.
IBM X-Force researchers have noted a dramatic increase in the use of malicious webshell attacks throughout the first half of 2016.
Sucuri recently discovered a new WordPress hack that redirects users to malicious domains. Luckily, there are relatively easy ways to discover infections.
A recent threat report from Symantec found that zero-day vulnerabilities were found about once a week in 2015, representing a big increase from 2014.
IBM MSS X-Force researchers found that C99 webshell attacks are increasing, particularly against content management systems such as WordPress.