CMS

Pierluigi Paganini November 03, 2015
The official website of the popular vBulletin forum has been hacked

The website of the vBulletin forum software is down for maintenance following a data breach that exposed personal information of hundreds of thousands of users. On Sunday, the vBulletin official website was hacked by an attacker using the moniker “Coldzer0.” The website was defaced and the vBulletin forum was displaying the message “Hacked by Coldzer0.” At the […]

Pierluigi Paganini October 28, 2015
Joomla SQL Injection Vulnerability exploited in the wild

Security experts at Sucuri reported a number of attacks exploiting a critical SQL injection flaw recently disclosed in the Joomla Content Management System. A few days ago, security experts disclosed a critical SQL injection vulnerability in the Joomla Content Management System (CVE-2015-7858), but as expected, threat actors in the wild are exploiting it in attacks against websites […]

Pierluigi Paganini September 18, 2015
Thousands of legitimate WordPress sites are serving malware

Sucuri has noticed a spike in the number of compromised websites as part of a malware campaign which relies on thousands of compromised WordPress sites. According to security experts at Sucuri, threat actors have hijacked thousands of websites running the WordPress CMS to serve malware. The technique is not new: legitimate compromised websites host malicious […]

Pierluigi Paganini September 08, 2015
Hundreds million legit websites could serve Ransomware because of Script Injection compromise

Heimdal Security published an interesting post on the increase in malicious scripts that are being injected into legit websites in order to serve ransomware. Heimdal Security recently published an interesting blog post on the increase in malicious scripts that are being injected into legit websites in order to serve malware. The attackers compromise websites running […]

Pierluigi Paganini July 22, 2015
Joomla Helpdesk Pro flaws leave systems vulnerable to several attacks

The Outpost24 team has identified several vulnerabilities that affect the Joomla HelpDesk Pro extension; the flaws can lead to remote code execution on servers. Kasper Bertelsen, a security researcher at Outpost24, has discovered a number of vulnerabilities in the Joomla Helpdesk Pro extension which can lead to remote code execution on servers. The Helpdesk Pro Joomla extension is developed […]

Pierluigi Paganini April 27, 2015
WordPress fixed a Zero Day a few hours after its disclosure

WordPress has just released a critical update to fix a serious XSS vulnerability that allows attackers to easily hijack websites based on the popular CMS. A cross-site scripting vulnerability is threatening WordPress content management system platforms worldwide. The popular CMS is used by nearly 186,700 of the top one million websites. An attacker can exploit the […]

Pierluigi Paganini March 20, 2015
Drupal flaw allows reset password by crafting specific URLs

The Drupal team issued an update to fix a flaw that allows attackers to reset passwords by crafting URLs under certain circumstances. Security experts discovered two critical vulnerabilities in Drupal CMS; one of them is an Access bypass (Password reset URLs) vulnerability that could be exploited to forge Password Reset URLs. “Password reset URLs can be forged […]

Pierluigi Paganini February 11, 2015
Exploiting Vulnerabilities in WordPress plugins, a cybercrime trend

A serious vulnerability in the FancyBox WordPress plugin makes it easy for a hacker to compromise any website based on the popular CMS. Last week SecurityWeek reported another zero-day flaw found in a WordPress plugin. This time, a new vulnerability found in the popular FancyBox for WordPress plugin could be exploited to inject […]

Pierluigi Paganini January 08, 2015
Sucuri firm discovered Backdoors relying on the Pastebin Service

The popular copy and paste website Pastebin has been leveraged by hackers to serve a backdoor to millions of users by exploiting flaws in a WordPress plugin. Malware authors have demonstrated great inventiveness, using any kind of platform and technique to control their malicious code. Security experts have detected botnets controlled via Gmail drafts, Evernote or […]

Pierluigi Paganini December 15, 2014
SoakSoak Malware infected more than 100,000 WordPress Websites

Google blacklisted over 11000 domains that were infected with the SoakSoak malware, which redirects user traffic and downloads malicious payloads on targets. WordPress is one of the most popular content management systems (CMS), with more than 70 million websites on the Internet. For this reason, it is under continuous attack by threat actors that try to […]