This Week at WordPress.org (May 9, 2022)

Each week we are highlighting the news from WordPress.org that you don’t want to miss. If you or your company create products or services that use WordPress, we’ve got the news you need to know. Be sure to share this resource with your product and project managers. Are you interested in giving back and contributing… Continue reading This Week at WordPress.org (May 9, 2022)

BobWP’s Woo Snippet for the Week of May 1

WooCommerce RC1 and RC2 • GetEllipsis search volume trends report shows growth for Woo • Negative security perceptions • Remkus de Vries on burnout and making life changes. Over at WooCommerce Core, both the RC1 and RC2 for 6.5 came out this week in preparation for the May 10th final release. Alex Denning published his… Continue reading BobWP’s Woo Snippet for the Week of May 1

Massive WordPress JavaScript Injection Campaign Redirects to Ads 

Our remediation and research teams regularly find malicious redirects on client sites. These infections automatically redirect site visitors to third-party websites with malicious resources, scam pages, or commercial websites with the intention of generating illegitimate traffic. As outlined in our latest hacked website report, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts… Continue reading Massive WordPress JavaScript Injection Campaign Redirects to Ads 

Examining Emerging Backdoors

Next up in our “This didn’t quite make it into the 2021 Threat Report, but is still really cool” series: New backdoors! Backdoors are a crucial component of a website infection. They allow the attackers ongoing access to the compromised environment and provide them a “foot in the door” to execute their payload. We see… Continue reading Examining Emerging Backdoors

Manually Identifying an X-Cart Credit Card Skimmer

During a recent investigation, a new client came to us reporting that their antivirus had detected a suspicious domain loading on their website’s checkout page. We regularly receive reports like these, as this is a telltale indicator of a credit card skimmer infection. Our research and remediation teams frequently find credit card skimmers on Magento… Continue reading Manually Identifying an X-Cart Credit Card Skimmer

WooCommerce Credit Card Skimmers Concealed In Fake Images

Our research and remediation teams have noticed an increase in WooCommerce credit card skimmers on client sites over the past few years, as detailed in past blog posts. Due to the increased number of plugins and components facilitating online payments and its ease of use, WordPress has become a common e-commerce platform — and the… Continue reading WooCommerce Credit Card Skimmers Concealed In Fake Images

Hacked Website Threat Report 2021

Our 2021 Website Threat Research Report details our findings and analysis of emerging and ongoing trends and threats in the website security landscape. We’ve put together this analysis to help keep website owners informed and aware of the dangers posed by malicious actors. This year’s report is a collection of observations made by Sucuri’s Research… Continue reading Hacked Website Threat Report 2021

Vulnerability Roundup – April 2022

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this… Continue reading Vulnerability Roundup – April 2022

Keeping Up With PHP Updates

Staying on top of critical security risks and vulnerabilities is imperative for the safety of your website. Some of the types of threats impacting our client sites include injections, broken authentication, cross site scripting, or even attackers targeting components with known vulnerabilities. In this post, we’ll be going over why outdated PHP versions can lead to… Continue reading Keeping Up With PHP Updates