The website of the vBulletin forum software is down for maintenance following a data breach that exposed personal information of hundreds of thousands users On Sunday, the vBulletin official website has been hacked by an attacker using the moniker âColdzer0.â The website has been defaced and the vBulletin forum was displaying the message âHacked by Coldzer0.â At the […]
Security experts at Sucuri reported a number of attacks exploiting a critical SQL injection flaw recently disclosed in the Joomla Content Management System. A few days ago, security experts disclosed a critical SQL injection vulnerability in the Joomla Content Management System (CVE-2015-7858), but as expected, threat actors in the wild are exploiting it in attacks against websites […]
Sucuri has noticed a spike in the number of compromised websites as part of a malware campaign which relies on thousands of compromised WordPress sites. According to security experts at Sucuri, threat actors have hijacked thousands of websites running the WordPress CMS to serve malware. The technique is not new, legitimate compromised websites host malicious […]
Heimdal Security published an interesting post on the increase in malicious scripts that are being injected into legit websites in order to serve ransomware. Heimdal Security recently published an interesting blog post on the increase in malicious scripts that are being injected into legit websites in order to serve malware. The attackers compromise websites running […]
The Outpost24 team has identified several vulnerabilities that affect Joomla HelpDesk Pro extension, the flaws can lead to remote code execution on servers. Kasper Bertelsen, a security researcher at Outpost24 has discovered a number of vulnerabilities in the Joomla Helpdesk Pro extension which can lead to remote code execution on servers. The Helpdesk Pro Joomla extension is developed […]
WordPress has just released a critical update to fix a serious XSS vulnerability that allows attackers to easily hijack websites based on the popular CMS. A cross-site scripting vulnerability is threatening WordPress content management system platforms worldwide. The popular CMS is used by nearly 186,700 of the top one million websites. An attacker can exploit the […]
The Drupal team issued an update to fix a flaw that allows attackers reset password by crafting URLs under certain circumstances. Security experts discovered two critical vulnerabilities in Drupal CMS, one of them is an Access bypass (Password reset URLs) vulnerability that could be exploited to forge Password Reset URLs. “Password reset URLs can be forged […]
A serious vulnerability in the FancyBox WordPress plugin makes it easy for a hacker to compromise any website based on the popular CMS. Last week SecurityWeek reported about another a zero-day flaw found in a WordPress plugin. This time, a new vulnerability found in the popular FancyBox for WordPress plugin could be exploited to inject […]
The popular copy and paste website Pastebin has been leveraged by hackers to serve a backdoor to millions of users by exploiting flaws in a WordPress plugin. Malware authors have demonstrated a great inventiveness using any kind of platform and technique to control their malicious code. Security experts have detected botnet controlled via Gmail drafts, Evernote or […]
Google blacklisted over 11000 domains that were infected with this SoakSoak malware which redirect user traffic and download malicious payloads on targets. WordPress is one of the most popular content management system (CMS) with more than 70 million websites on the Internet. For this reason, it is under continuous attack by threat actors that try to […]