Infosecurity News
Fake Online Stores Scam Over 850,000 Shoppers
Researchers discover 75,000+ domains hosting fraudulent e-commerce sites, in a campaign dubbed BogusBazaar
Bleeping Computer
A massive network of 75,000 fake online shops called 'BogusBazaar' tricked over 850,000 people in the US and Europe into making purchases, allowing the criminals to steal credit card information and attempt to process an estimated $50 million in fake orders.
The Hacker News
E-commerce website owners and admins – BEWARE! Researchers uncover a credit card skimmer hidden within a bogus Meta Pixel tracker script.
Cyber Security News
Of all the security flaws discovered in the WordPress ecosystem, XSS vulnerabilities accounted for about 53.3% of the total.
The Cyber Express
A new Essential Addons For Elementor vulnerability has been revealed, affecting over 2 million websites utilizing the popular WordPress plugin.
The Cyber Express
An anonymous threat actor on the dark web has allegedly announced a vulnerability in WordPress, offering what they termed as a
Infosecurity News
Users of popular WordPress plugin Backup Migration are urged to patch a new critical vulnerability
Infosecurity News
With over 20,000 active installations, the plugin is used for user-generated content submissions
Infosecurity News
Akamai spots new digital skimming campaign
The Hacker News
Beware of the latest Magecart attack! Attackers are now hiding malicious code on 404 error pages to steal your data.
Bleeping Computer
A new Magecart card skimming campaign hijacks the 404 error pages of online retailers' websites, hiding malicious code to steal customers' credit card information.
SecurityWeek
A vulnerability in the All-in-One WP Migration plugin’s extensions exposes WordPress websites to attacks, but a patch is available
Infosecurity News
The vulnerable code was identified by the security research team at PatchStack
Bleeping Computer
Two vulnerabilities affecting some versions of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, allow hijacking accounts and uploading files without authentication.
Infosecurity News
Latest CyCognito report exposes 74% PII vulnerability, prompting urgent data protection
Infosecurity News
Kaspersky explained one common strategy is the hacking of abandoned or poorly maintained websites
Infosecurity News
The security flaws were uncovered by Patchstack security researcher Rafie Muhammad
Ars Technica
We wrap up our four-part series by tying up loose ends and looking ahead.
Infosecurity News
The popular forms builder plugin for WordPress has over 900,000 active installations
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Multiple DDoS botnets were observed targeting Zyxel devices CISA warns of attacks against Citrix NetScaler ADC […]
Latest Hacking News
Months after releasing the patch, hackers are still exploiting the security flaw in WooCommerce Payments WordPress plugin. The researchers have found the vulnerability under active attack, urging WordPress admins to update their websites with the
The Hacker News
Critical security flaw in Citrix NetScaler ADC and Gateway being actively exploited! CVE-2023-3519 allows unauthenticated remote code execution.
DarkReading
A barrage of targeted attacks against vulnerable installations peaked at 1.3 million against 157,000 sites over the weekend, aimed at unauthenticated code execution.
SecurityWeek
Attackers have started exploiting CVE-2023-28121, a recent critical vulnerability in the WooCommerce Payments WordPress plugin.
Security Affairs
Threat actors are actively exploiting a critical flaw, tracked as CVE-2023-28121, in the WooCommerce Payments WordPress plugin. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2023-28121 (CVSS score: 9.8), in the WooCommerce Payments WordPress plugin. The flaw is an authentication bypass issue that can be exploited by an unauthenticated attacker to impersonate arbitrary […]
Infosecurity News
Wordfence claims over 157,000 sites have been hit so far
Cyber Security News
Hackers actively target vulnerable WordPress websites in an effort to take advantage of a widespread WooCommerce Payments plugin vulnerability and gain admin rights.
The Hacker News
A critical security flaw in the WooCommerce Payments WordPress plugin (CVE-2023-28121) is being actively exploited by threat actors.
Bleeping Computer
Hackers are conducting widespread exploitation of a critical WooCommerce Payments plugin to gain the privileges of any users, including administrators, on vulnerable WordPress installations.
The Hacker News
In the digital warfare against website spam, automation is your ally. Discover CleanTalk Anti-Spam solution for WordPress - a tool designed for precis
The Hacker News
Attention online retailers! A critical security flaw in the "Abandoned Cart Lite for WooCommerce" plugin puts over 30,000 websites at risk.
Bleeping Computer
Car mount and mobile accessory maker iOttie warns that its site was compromised for almost two months to steal online shoppers' credit cards and personal information.
Latest Hacking News
A critical security flaw in the WooCommerce plugin Stripe Payment Gateway risked users’ safety. Exploiting the vulnerability could allow an attacker to pilfer the payments directly from the platform and steal other sensitive information. The
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Law enforcement shutdown a long-standing DDoS-for-hire service A Russian national charged for committing LockBit Ransomware attacks […]
Cyber Security News
The WordPress Stripe Payment Gateway plugin has been vulnerable to an Unauthenticated Insecure Direct Object Reference (IDOR) vulnerability.
Infosecurity News
The vulnerability affects versions 7.4.0 and below of the WordPress plugin
Security Affairs
Hundreds of thousands of online stores are potentially exposed to hacking due to a critical vulnerability in the WooCommerce Stripe Payment Gateway plugin. The WooCommerce Stripe Payment Gateway plugin is affected by a critical vulnerability tracked as CVE-2023-34000. The Stripe plugin extends WooCommerce allowing administrators of the e-commerce sites to take payments directly on their […]
Security Affairs
Learn the shocking truth behind the Balada Injector campaign and find out how to protect your organization from this relentless viral invasion. A deadly cyber campaign has been working silently to undermine website security by exploiting popular WordPress plugins — infiltrating over a million websites and leaving administrators scrambling for solutions. In April 2023, Bleeping […]
The Hacker News
A critical flaw has been discovered in the WooCommerce Stripe Gateway WordPress plugin, potentially exposing sensitive information.
Bleeping Computer
The WooCommerce Stripe Gateway plugin for WordPress was found to be vulnerable to a bug that allows any unauthenticated user to view order details placed through the plugin.
DarkReading
In addition to injecting a card skimmer into target Magento, WooCommerce, Shopify, and WordPress sites, the threat actor is also hijacking targeted domains to deliver the malware to other sites.
Cyber Security News
Hackers execute a Magecart attack by breaching online stores and implanting malicious scripts designed to stealthily harvest the customers' credit card details
Security Affairs
A new ongoing Magecart web skimmer campaign abuses legitimate websites to act as makeshift command and control (C2) servers. Akamai researchers discovered a new ongoing Magecart web skimmer campaign aimed at stealing personally identifiable information (PII) and credit card information from users in North America, Latin America, and Europe. Magecart attacks target e-commerce websites, the […]
The Hacker News
🚨 Attention online shoppers! Beware of the insidious Magecart-style web skimmer campaign sweeping across e-commerce websites!
Bleeping Computer
A new Magecart credit card stealing campaign hijacks legitimate sites to act as "makeshift" command and control (C2) servers to inject and hide the skimmers on targeted eCommerce sites.
Latest Hacking News
A serious vulnerability existed in the popular WordPress plugin Elementor Pro that could allow website takeovers. Even worse, the vulnerability went under attack soon after gaining traction, requiring WP admins to install the bug fixes
Cyber Security News
One of the most popular WordPress plugins, Elementor Pro, used by over eleven million websites, is affected by a high-severity vulnerability.
The Hacker News
A recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress is being exploited.
Ars Technica
Elementor Pro fixed the vulnerability, but not everyone has installed the patch.
Security Affairs
Threat actors are actively exploiting a high-severity flaw in the Elementor Pro WordPress plugin used by more than eleven million websites WordPress security firm PatchStack warns of a high-severity vulnerability in the Elementor Pro WordPress plugin that is currently being exploited by threat actors in the wild. Elementor Pro is a paid plugin that is currently installed on […]
Bleeping Computer
Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin used by over eleven million websites.
Latest Hacking News
A serious authentication vulnerability existed in the WordPress plugin WooCommerce Payments, exploiting which could allow rogue access to admin privileges. The plugin developers patched the vulnerability, making WordPress force install plugin updates. WooCommerce Payments Plugin Vulnerability
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sites Pwn2Own Vancouver 2023 awarded $1,035,000 and […]
Naked Security
Admin-level holes in websites are always a bad thing… and for “bad”, read “worse” if it’s an e-commerce site.
CSO
The vulnerability could allow unauthenticated administrative takeover of websites. WooCommerce has released an update.
Infosecurity News
The vulnerability could allow an unauthenticated attacker to gain admin privileges and take over a website
Security Affairs
A patch for a critical vulnerability in the WooCommerce Payments plugin for WordPress has been released for over 500,000 websites. On March 23, 2023, researchers from Wordfence observed that the “WooCommerce Payments – Fully Integrated Solution Built and Supported by Woo” plugin had been updated to version 5.6.2. The WooCommerce Payments plugin is a fully integrated […]
The Hacker News
Critical security flaw found in WooCommerce Payments plugin for WordPress, affecting 500K+ websites! Update to patched versions ASAP.
Bleeping Computer
Automattic, the company behind the WordPress content management system, is force installing a security update on hundreds of thousands of websites running the highly popular WooCommerce Payments for online stores.
Bleeping Computer
A new credit card stealing hacking campaign is doing things differently than we have seen in the past by hiding their malicious code inside the 'Authorize.net' payment gateway module for WooCommerce, allowing the breach to evade detection by security scans.
Security Affairs
The recent Mailchimp data breach has impacted multiple organizations, some of them are already notifying their customers. The popular email marketing and newsletter platform Mailchimp recently disclosed a new data breach, the incident exposed the data of 133 customers. Threat actors targeted the company’s employees and contractors to gain access to an internal support and […]
SecurityWeek
Companies affected by the recent Mailchimp data breach have started notifying customers. The list includes WooCommerce, FanDuel, Yuga Labs and Solana Foundation.
Security Affairs
Popular email marketing and newsletter platform Mailchimp was hacked and the data of dozens of customers were exposed. The popular email marketing and newsletter platform Mailchimp was hacked twice in the past six months. The news of a new security breach was confirmed by the company, the incident exposed the data of 133 customers. Threat […]
The Hacker News
Another security breach has hit the popular email marketing service Mailchimp, compromising over 100 customers' information
CyberSecurity Dive
The social engineering incident is similar to an August cyberattack that targeted customers in the crypto industry.
Bleeping Computer
Email marketing firm MailChimp suffered another breach after hackers accessed an internal customer support and account administration tool, allowing the threat actors to access the data of 133 customers.
Latest Hacking News
Heads up, WordPress admins! Researchers have warned users of a new Linux malware that targets WordPress websites with malicious JavaScript. The malware exploits 30 vulnerabilities in different WordPress themes and plugins to accomplish the goal. Linux
Ars Technica
People who use WordPress should check their sites for unpatched plugins.
The Hacker News
A new strain of Linux malware is targeting WordPress sites, taking advantage of vulnerabilities in various plugins and themes to infiltrate.
Security Affairs
A new Linux malware has been exploiting 30 vulnerabilities in outdated WordPress plugins and themes to deploy malicious JavaScripts. Doctor Web researchers discovered a Linux malware, tracked as Linux.BackDoor.WordPressExploit.1, that compromises WordPress websites by exploiting 30 vulnerabilities in multiple outdated plugins and themes. The malware injects into targeted webpages malicious JavaScripts, then when users click on the compromised […]
Bleeping Computer
A previously unknown Linux malware has been exploiting 30 vulnerabilities in multiple outdated WordPress plugins and themes to inject malicious JavaScript.
SecurityWeek
A critical vulnerability in the YITH WooCommerce Gift Cards premium WordPress plugin is exploited in attacks.
Security Affairs
Threat actors are actively exploiting a critical flaw in the YITH WooCommerce Gift Cards Premium WordPress plugin installed by over 50,000 websites. Hackers are actively exploiting a critical vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8), affecting the WordPress plugin YITH WooCommerce Gift Cards Premium. The YITH WooCommerce Gift Cards Premium plugin allows websites of online stores to […]
Bleeping Computer
Hackers are actively targeting a critical flaw in YITH WooCommerce Gift Cards Premium, a WordPress plugin used on over 50,000 websites.
The Hacker News
Coding best practices have continued to evolve over the years, in response to business needs and market trends.
The Hacker News
Magecart hackers took over three restaurant ordering platforms, MenuDrive, Harbortouch, and InTouchPOS, and stole more than 50,000 payment card record
CyberScoop
The entry points for Magecart and other e-commerce skimmers are changing, but the attackers are getting more clever, too.
Bleeping Computer
Patchstack, a leader in WordPress security and threat intelligence, has released a whitepaper to present the state of WordPress security in 2021, and the report paints a dire picture.
ThreatPost
Visitors who shopped on the company's eCommerce website in January will likely find their payment-card data heisted, researchers warned.
ThreatPost
A critical security bug and a months-long, ongoing supply-chain attack spell trouble for WordPress users.
ThreatPost
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
DataBreaches
Bill Toulas reports: The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection...
Bleeping Computer
The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails.
Trend Micro
In our latest research, we analyze the threats targeting well-known brands of network-attached storage (NAS) devices.
ThreatPost
Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform.
ThreatPost
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.
Latest Hacking News
Hackers behind the new campaigns steal card details after infecting WordPress plugins running on e-commerce stores.
Bleeping Computer
Credit card swipers are being injected into random plugins of e-commerce WordPress sites, hiding from detection while stealing customer payment details.
The Record
Threat actors have abused a legitimate feature of the Google Tag Manager service to secretly add and deploy malicious JavaScript code to more than 300 e-commerce stores since March this year.
ThreatPost
The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts.
The DFIR Report
As you have noticed from our reporting so far, Cobalt Strike is used as a post-exploitation tool with various malware droppers responsible for the initial infection stage. Some of the most common droppers we see are IcedID (a.k.a. BokBot), ZLoader, Qbot (a.k.a. QakBot), Ursnif, Hancitor, Bazar and TrickBot.
Bleeping Computer
WooCommerce, the popular e-commerce plugin for the WordPress content management system has been updated to patch a serious vulnerability that could be exploited without authentication.
Bleeping Computer
Threat actors are scanning for sites running the Fancy Product Designer plug-in to exploit a zero-day bug allowing them to upload malware.