January 16, 2025 Gootloader inside out Open-source intelligence reveals the server-side code of this pernicious SEO-driven malware - without needing a lawyer afterward Threat Research
March 24, 2023 WooCommerce Payments plugin for WordPress has an admin-level hole – patch now! Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site. Naked Security
February 24, 2022 S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript] Latest episode - listen now! Naked Security
February 22, 2022 WordPress backup plugin maker Updraft says “You should update”… A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story! Naked Security
June 05, 2020 Botnet blasts WordPress sites with configuration download attacks A million sites attacked by 20,000 different computers. Naked Security
April 30, 2020 Coronavirus delays trial of alleged Russian hacker a third time Justice has already been slow in this case, and the pandemic isn’t helping: His trial has been postponed for a third time. Naked Security
April 29, 2020 Flaw in defunct WordPress plugin exploited to create backdoor A vulnerability in the defunct OneTone WordPress theme plugin is being exploited to compromise entire sites while installing backdoor admin accounts. Naked Security
April 15, 2020 WordPress WooCommerce sites targeted by card swiper attacks Credit card swipers have found a hard-to-detect way to target WordPress websites using the WooCommerce plugin by secretly modifying legitimate JavaScript files. Naked Security
April 02, 2020 Don’t get locked out of your own website – update this WordPress plugin now! In theory, crooks could mess up your site so vistors can't see your content, then lock you out so you can't jump in and fix it. Naked Security