Pierluigi Paganini December 07, 2017
Thousands of WordPress sites infected with a Keylogger and cryptocurrency miner scripts

Nearly 5,500 WordPress websites are infected with a malicious script that logs keystrokes and in some loads a cryptocurrency miner in the visitors’ browsers. The experts from security firm Sucuri observed that that malicious script is being loaded from the “” domain, that anyway is not linked with Cloudflare. According to PublicWWW, this malicious script […]

Pierluigi Paganini April 19, 2017
Critical vulnerability in Drupal References Module opens 120,000 Sites to hack

A critical vulnerability affects the Drupal References module that is used by hundreds of thousands of websites using the popular CMS. The Drupal security team has discovered a critical vulnerability in a third-party module named References. The Drupal team published a Security advisory on April 12 informing its users of the critical flaw. The flaw has a huge impact on […]

Pierluigi Paganini March 01, 2017
SQLi flaw in the NextGEN Gallery plugin exposes at risk of hack more than 1 Million WordPress Installs

More than 1 million WordPress website are at risk due to a critical SQL injection vulnerability in the NextGEN Gallery plugin. Update it asap. Security experts at Sucuri firm have identified a SQL injection flaw in the WordPress image gallery NextGEN Gallery that could be exploited by a remote to gain access to the targeted website’s backend, including sensitive […]

Pierluigi Paganini June 05, 2016
Old CVE-2014-3704 flaw in Drupal still exploited in attacks

More than 19 months after its public disclosure the CVE-2014-3704 is still exploited in attacks against Drupal-based websites. It was October 2014, when Drupal patched a critical SQL injection vulnerability (CVE-2014-3704) that was affecting all Drupal core 7.x versions up to the recently-released 7.32 version, which fixed the issue. The patch issued by Drupal fixed the […]

Pierluigi Paganini February 19, 2016
Thousands of WordPress websites used as a platform to launch DDOS

In a recent investigation case, security researchers at Sucuri revealed that 26,000 different WordPress sites were exploited to launch Layer 7 distributed denial of service (DDoS) attacks. In a recent investigation case, security researchers at Sucuri revealed that 26,000 different WordPress sites were generating a sustained rate of 10,000 to 11,000 HTTPS requests per second […]

Pierluigi Paganini October 10, 2015
Brute-Force amplification attacks on WordPress rely on XML-RPC

Security experts at Sucuri have uncovered threat actors abusing an XML-RPC method to run Brute-Force amplification attacks on WordPress websites. According to the experts at security firm Sucuri, threat actors are exploiting the XML-RPC protocol implemented by WordPress and other popular content management systems to run brute-force amplification attacks. The XML-RPC protocol allows users to […]

Pierluigi Paganini September 18, 2015
Thousands of legitimate WordPress sites are serving malware

Sucuri has noticed a spike in the number of compromised websites as part of a malware campaign which relies on thousands of compromised WordPress sites. According to security experts at Sucuri, threat actors have hijacked thousands of websites running the WordPress CMS to serve malware. The technique is not new, legitimate compromised websites host malicious […]

Pierluigi Paganini September 15, 2015
Crooks are abusing Google Search Console to remain under the radar

Experts at Sucuri revealed that cybercriminals are abusing Google Search Console to hide their presence in compromised websites, administrators are advised! Security experts at Sucuri firm have discovered cyber criminals are increasingly abusing legitimate webmaster tools (Google Search Console) for black hat SEO and hide their presence on compromised websites. The operation for crooks is […]

Pierluigi Paganini June 27, 2015
Magento payment card stealers are being used in the wild

The security researchers at Sucuri firm discovered a malicious code that could be used to steal payment card data from Magento platform. Security experts at Sucuri have uncovered a new method used by criminals to syphon payment card data from websites based on the Magento e-commerce Platform. Researchers explained that attackers can collect any data submitted […]

Pierluigi Paganini April 24, 2015
Magento Flaw Exploited in the Wild a few hours after disclosure

Sucuri revealed that cyber criminals are attempting to hijack online shops based on Magento platform by exploiting a recently disclosed critical flaw. According to the security experts at Sucuri firm, within 24 hours after the disclosure of the vulnerability in Magento platform, bad actors are already attempting to hack e-commerce websites using it. The experts traced back the attacks […]