Sucuri in the Media
Check out various posts and articles interviewing the team, or referencing Sucuri Security, our services, and tools.
As seen on TechCrunch, CNN, USA Today, CSO Online, CIO Magazine, PC World,
SC Magazine, TheNextWeb, BloggingTips and many others.
-
September 2019
Rash of Exploits Targets Critical vBulletin RCE Bug -
September 2019
Criminals using fake Single Sign Ons to steal credentials’ -
August 2019
Cryptolocking WordPress Plugin Locks Up Blog Posts -
July 2019
Rare Steganography Hack Can Compromise Fully Patched Websites -
July 2019
Malicious ‘Google’ domains used in Magento card skimmer attacks -
July 2019
‘Google’ Sites Are the Latest Ploy by Card-Skimming Thieves -
July 2019
Hackers Inject Multi-Gateway Card Skimmer via Fake Google Domains -
July 2019
WordPress Plugin WP Statistics Patches XSS Flaw -
July 2019
Instagram scams now include fake ‘verification’ -
June 2019
Scammers Prey on Instagram Vanity and ‘Verified Account’ Status -
June 2019
Cryptominer Uses Cron To Reinfect Linux Host After Removal -
June 2019
WordPress Sites Worldwide Hit with ‘Call-Girl’ Search-Engine Pollution -
June 2019
WordPress Chat Plugin Bug Lets Hackers Inject Text, Steal Log -
May 2019
Patch for ‘easy to exploit’ WordPress XSS vulnerability -
May 2019
WordPress WP Live Chat Support Plugin Fixes XSS Flaw -
May 2019
WordPress patches XSS vulnerability in WP Live Chat Support -
May 2019
XSS flaw in WordPress Live Chat Plugin lets attackers compromise WP sites -
May 2019
Bug in WordPress Live Chat Plugin Lets Hackers Inject Scripts -
May 2019
WordPress plugin sees second serious security bug in six weeks -
April 2019
Users Urged to Update WordPress Plugin After Flaw Disclosed -
April 2019
Critical vulnerability found in Duplicate-Page’s WordPress Plugin -
March 2019
“Two serious WordPress plugin vulnerabilities are being exploited in the wild -
March 2019
Zero-day in WordPress SMTP plugin abused by two hacker groups -
March 2019
“Brace yourselves: Exploit published for serious Magento bug allowing card skimming -
March 2019
Update now! WordPress abandoned cart plugin under attack -
March 2019
Attack Campaign Using Fake Browser Updates to Deliver Ransomware and Banking Malware -
March 2019
WordPress accounted for 90 percent of all hacked CMS sites in 2018 -
March 2019
CMS hackers focus on WordPress -
March 2019
90% of hacked CMS sites in 2018 were powered by WordPress -
February 2019
Card-Skimming Scripts Hide Behind Google Analytics, Angular -
February 2019
Android banking malware distributed with fake Google reCAPTCHA -
February 2019
Malspam campaign fakes Google reCAPTCHA images to fool victims -
February 2019
Phishing Scam Cloaks Malware With Fake Google reCAPTCHA -
February 2019
Fake Google reCAPTCHA used to hide Android banking malware -
February 2019
Card-Skimming Scripts Hide Behind Google Analytics, Angular -
February 2019
Phishing Campaign Uses Fake Google reCAPTCHA to Distribute Malware -
January 2019
Stealthy Malware Disguises Itself as a WordPress License Key -
December 2018
WordPress Targeted with Clever SEO Injection Malware -
November 2018
Critical vulnerabilities in WordPress GDPR plugin let hackers seize control of websites -
November 2018
Will good prevail over bad as bots battle for the internet? -
November 2018
Attackers exploit GDPR compliance plug-in for WordPress -
October 2018
Abandoned Tweet Counter Hijacked With Malicious Script -
October 2018
Threat Actors Obfuscate JavaScript to Hide Crypto-Mining Malware -
September 2018
Old WordPress Plugin Being Exploited in RCE Attacks -
September 2018
New WordPress Phishing Campaigns Target User Credentials -
August 2018
Cryptojacking Campaign Employs Deleted GitHub Account and Unofficial GitHub CDN -
July 2018
GoogleUserContent CDN Hosting Images Infected with Malware -
July 2018
3 Best WordPress Alternatives For Serious Business Owners -
July 2018
Google User Content CDN Used for Malware Hosting -
June 2018
Unpatched Flaw Disclosed in WordPress CMS Core -
April 2018
“Drupalgeddon2” touches off arms race to mass-exploit powerful Web servers -
March 2018
IoT Smart Devices Easy To Hack, Researchers Warn -
March 2018
Malicious Crypto Mining Continues to Evolve and Evade Ad Blockers -
March 2018
Is your browser secretly mining cryptocurrencies? -
March 2018
In-Browser Cryptojacking Is Getting Harder to Detect -
February 2018
Top 50 InfoSec Blogs You Should Be Reading -
February 2018
Sucuri – Website Security For Any Platform -
February 2018
Hackers Compromise Tesla Cloud Server to Mine Cryptocurrency -
February 2018
Hackers are infecting WordPress websites to mine cryptocurrencies -
February 2018
Website with crypto-mining malware makes it to Wikipedia -
January 2018
11 Web Application Security Best Practices -
January 2018
Keylogger Campaign Hits Over 2,000 WordPress Sites -
January 2018
Has OnePlus checkout page been hacked? -
January 2018
More than 2,000 WordPress websites are infected with a keylogger -
January 2018
Keylogger Campaign Returns, Infecting 2,000 WordPress Sites -
January 2018
Thousands of WP sites hosting combined keylogger / in-browser crypto miner -
December 2017
How to Clean Your Hacked WordPress Site Without a Backup -
December 2017
Attackers exploit old WordPress to inject code enabling site redirection -
December 2017
GoDaddy Enhances Online Security Offerings for Small Businesses in India -
December 2017
Cryptojackers Found on Starbucks WiFi Network, GitHub, Pirate Streaming Sites -
December 2017
WordPress hit with keylogger, 5,400 sites infected -
December 2017
Keylogger Found on Nearly 5,500 Infected WordPress Sites -
November 2017
Report claims ecommerce sites are hijacking visitor CPUs to mine digital coins -
November 2017
6 Signs Your WordPress Site Is Compromised -
November 2017
Wp-Vcd WordPress Malware Campaign Is Back -
October 2017
Android security: Coin miners show up in apps and sites to wear out your CPU -
November 2017
Coinhive Miners Found in Android Apps, WordPress Sites -
February 2017
A surge of sites and apps are exhausting your CPU to mine cryptocurrency -
October 2017
The Dangers of Cross-Site Contamination and How to Prevent It -
August 2017
7 Signs Your WordPress Website Has Been Hacked -
August 2017
4 Best Plugins for Your WordPress Sites -
August 2017
Scan Campaign Detected Looking for Adminer Database Management Tool -
August 2017
Vulnerable WordPress Plugins/Themes Report for the Week of August 18, 2017 -
August 2017
GoDaddy profit beats on HEG deal, hosting business strength -
July 2017
Has Your WordPress Site Been Hacked? Here’s What To Do About It -
July 2017
Amid fierce competition, GoDaddy pulls the plug on its cloud servers -
June 2017
GoDaddy Introduces New Small Business Security Features -
June 2017
Website Security: Disaster Preparation Checklist -
June 2017
GoDaddy Expands Security Options with Sucuri Technology -
June 2017
GoDaddy Unveils Website Security, Braces Security Portfolio -
June 2017
GoDaddy Launches New Website Security Products Powered By Sucuri -
June 2017
Introducing GoDaddy Website Security, powered by Sucuri -
May 2017
Sucuri Co-Founder Dre Armeda Talks Website Security: How the Platform Provides Affordable, Cloud-Based Security for Every Site -
May 2017
Google Starts Flagging Sites With Insecure Logins To Protect Your Data -
May 2017
Report Reveals Google Is Blacklisting Some Sites That Handle Passwords via HTTP -
May 2017
Joomla 3.7 Exposed To Easily Exploitable Bug, WordPress Patches Too -
May 2017
New Joomla SQL Injection Flaw Is Ridiculously Simple to Exploit -
May 2017
Cookie Monster: Malware Steals Cookies and Hijacks WordPress Sessions -
May 2017
Session Hijacking, Cookie-Stealing WordPress Malware Spotted -
May 2017
WordPress Zero-Day Could Expose Password Reset Emails -
May 2017
WordPress Security In A Few Easy Steps -
April 2017
Irresponsible Chinese DVR Vendor Still the Target of IoT Botnets One Year Later -
April 2017
Your Regular WordPress Maintenance Checklist -
March 2017
SG Site Scanner powered by Sucuri -
March 2017
How hackers turned a Cape Cod fishing guide’s site into a host for e-commerce fraud -
March 2017
New Google algorithm shrinks image size, Apple acquires Workflow: News IT leaders need to know -
March 2017
BRIEF-Godaddy Inc enters into agreement to acquire Sucuri -
March 2017
GoDaddy to Bloster Website Security with Sucuri Acquisition -
March 2017
How hackers turned a Cape Cod fishing guide’s site into a host for e-commerce fraud -
March 2017
WordPress REST API bug could be used in stored XSS attacks -
March 2017
Write and wrong: Attackers compromise websites with subdirectory files to promote ‘essay spam’ -
March 2017
Flashback Friday: Operation Windigo -
March 2017
Credit Card Scrapers Continue to Target Magento -
March 2017
vBulletin exploited to display malvertising, Sucuri report -
February 2017
WordPress Silently Fixes Severe Vulnerability -
February 2017
Hackers deface thousands of website by exploiting WordPress vulnerability -
Feburary 2017
Critical SQL Injection Vulnerability Found in NextGEN Gallery WordPress Plugin -
February 2017
Researchers find “severe” flaw in WordPress plugin with 1 million installs -
February 2017
Critical SQL injection bug in WordPress plugin -
February 2017
WordPress Bug Allows Hackers to Alter Website Content -
February 2017
Content Injection Vulnerability in WordPress 4.7.0 -
February 2017
Porn Spamming campaign targets Joomla users -
February 2017
100,000+ WordPress webpages defaced as recently patched vulnerability is exploited -
February 2017
Attackers Capitalizing on Unpatched WordPress Sites -
February 2017
Thousands of WordPress websites defaced through patch failures -
February 2017
Critical WordPress update fixes zero-day flaw unnoticed -
February 2017
WordPress secretly patches severe bug that can lead to site content modification -
February 2017
WordPress Quietly Fixes Serious Security Flaw -
February 2017
WordPress Silently Fixed Privilege Escalation Vulnerability in 4.72 Update -
February 2017
Over 67,000 Websites Defaced via Recently Patched WordPress Bug -
February 2017
Thousands of Unpatched WordPress Sites Hacked via Exposed Vulnerability -
February 2017
WordPress: Why we didn’t tell you about a big zero-day we fixed last week -
February 2017
WordPress Websites Exposed to Severe Content Injection Vulnerability -
February 2017
WordPress Web API Vulnerability -
February 2017
Protecting everyone from WordPress Content Injection -
February 2017
WordPress fixed god-mode zero day without disclosing the problem -
February 2017
Patch “severe” WordPress REST API bug now, warn experts -
February 2017
WordPress Team Fixed a Zero-Day Behind Everyone’s Back and Told No One -
February 2017
WordPress Silently Fixed Massive Zero-Day Vulnerability in Last Week’s Update -
February 2017
WordPress 0-day content injection vulnerability -
January 2017
This Malware Is Targeting Attacks on Mobile Devices -
January 2017
Google: SEO Is One Of The Primary Reasons Websites Are Targeted For Hacking -
January 2017
Dueling malwares: Researchers explain what happens when two codes collide -
January 2017
Two Aggresive Campaigns Detected Pushing Google Ads to Unsuspecting Users -
January 2017
Ad Fraud Generates Cash for Cybercriminals and Pain for Website Managers -
January 2017
WordPress, Joomla, and Magento Continue to Be the Most Hacked CMSs -
January 2017
Pair of ad fraud campaigns linked to defacement attacks by Indonesian hackers -
December 2016
Creating a #NoHacked web -
December 2016
Watch Out for Malicious Images in Google My Business Listings -
December 2016
Researchers find OpenCart backdoor technique that approves false log-in credentials -
December 2016
Script exploited in WordPress theme, bypasses security, sends spam -
December 2016
WiredTree Warns that SEO is getting more common -
December 2016
Website hackers can alter OpenCart code to approve false log-in credentials -
December 2016
UPDATED: Magento One Page Checkout redirects to phishing pages -
November 2016
IPv4 vs IPv6 – Performance comparison -
November 2016
Attackers use patched exploits to hit Joomla! sites -
November 2016
WordPress Plugins Leave Black Friday Shoppers Vulnerable -
November 2016
Joomla flaws exploited to place backdoors, then patched by same attackers -
November 2016
New Occurances of SEO Spam Discovered: Hacked Subdirectories on WordPress Sites -
November 2016
SEO spam injects backdoor code on WordPress sites -
November 2016
Joomla websites attacked en masse using recently patched exploits -
November 2016
Hackers hustle to hassle un-patched Joomla! sites -
October 2016
Latest WordPress SEO Spam Tactics Include Directory-In-Directory Installs -
October 2016
IPv6 servers beat IPv4 in security — for now -
October 2016
Joomla websites attacked en masse using recently patched exploits -
October 2016
Joomla Update Fixes Two Critical Issues, 2FA Error -
October 2016
Many Joomla Sites Hacked via Recently Patched Flaws -
October 2016
Hackers Already Scanning and Exploiting Recent Joomla Flaws -
October 2016
Hackers hide stolen payment card data inside website product images -
October 2016
Joomla websites attacked en masse using recently patched exploits -
October 2016
Joomla Patches Flaw That Allows Attackers to Create Admin Accounts -
October 2016
Hackers hiding stolen credit card details in images -
October 2016
Crims cram credit card details into product shots on e-shops -
October 2016
Attackers Hiding Stolen Credit Card Numbers in Images -
October 2016
Hackers hide stolen payment-card data inside website product images -
October 2016
New Occurances of SEO Spam Discovered: Hacked Subdirectories on WordPress Sites -
October 2016
Prestashop Malware Found Logging Admin Credentials -
October 2016
IPv6 servers beat IPv4 in security — for now -
October 2016
Forewarned is Forearmed: Modern Cyber Threats That Are Dangerous for Everyone -
October 2016
Securing the Internet of Things -
October 2016
Hackers Employ Magecart Keylogger to Steal Unfortunate Shoppers’ Payment Cards -
October 2016
Hacker Releases IoT Botnet Source Code -
October 2016
Over 100 Online Stores Targeted with New Magecart Malware -
October 2016
Web-Based Keylogger Used to Steal Credit Card Data from Popular Sites -
September 2016
SSH brute force attacks compromise servers for DDoS attacks -
September 2016
Record-breaking DDoS reportedly delivered by >145k hacked cameras -
September 2016
Safe browsing checks fail as 16,000 WordPress sites hacked this year -
September 2016
Google Safe Browsing beats rivals but still only flags up 10 percent of hacked sites -
September 2016
16,000 WordPress Sites Have Been Hacked -
September 2016
Hackers compromise nearly 16,000 WordPress websites -
September 2016
RIG EK Ramps Up to Spread CryptMIC Ransomware -
September 2016
WordPress Continues to Be by Far the Most Hacked CMS -
September 2016
Luabot malware used to launch DDoS attacks -
September 2016
IoT home routers used to launch application-level DDoS attack -
September 2016
Will ISPs Step Up to the IoT Challenge? -
September 2016
Attackers Combine Three Botnets to Launch Massive DDoS Attack -
September 2016
IoT home routers used to launch application-level DDoS attack -
August 2016
There’s a 120,000-Strong IoT DDoS Botnet Lurking Around -
August 2016
WordPress Plugin Fixes SQL Injection Flaw That Let Attackers Dump Site Passwords -
August 2016
Expired Domains Associated with WordPress Plugin Show Ads, Scareware -
August 2016
NameCheap DNS hijack redirects visitors to old Conficker IP address -
July 2016
At Black Hat, the ‘Internet of Things’ Gets Put Through Its Paces -
July 2016
U.S. is the source of most cyberattacks: Sucuri -
July 2016
Ken Colburn: Dealing with website security certificates -
July 2016
CryptXXX ransomware now hijacking websites of businesses to infect unsuspecting users -
July 2016
WordPress Falls Prey to Ransomware -
July 2016
Change in exploit tactics caused dramatic surge of Realstatistics malware infections -
July 2016
Sucuri : 200,000 expired parked domains distribute malicious ads -
July 2016
Major websites compromised in the last SoakSoak campaign -
July 2016
New phishing scam hides behind authentic e-commerce checkouts -
July 2016
Persistent XSS Patched in WooCommerce WordPress Plugin -
July 2016
Hackers compromising checkout process on retail sites, redirecting shoppers to phishing page -
July 2016
CryptXXX, Cryptobit Ransomware Spreading Through Campaign -
July 2016
Nearly 200,000 Parked Domains Used to Show Rogue Ads, Hijack Traffic -
July 2016
Change in exploit tactics caused dramatic surge of Realstatistics malware infections -
July 2016
New Credential Theft Tactic Seen on E-Commerce Sites -
July 2016
Realstatistics campaign targets WordPress, Joomla! sites -
July 2016
Nearly 200,000 Parked Domains Used to Show Rogue Ads, Hijack Traffic -
July 2016
If My Website Is Hacked and Customer Data Exposed, Am I Liable? -
July 2016
The Changing Face of Pseudo Darkleech -
June 2016
Big Brother is DDoSing you: Botnet running on 25,000+ CCTV cameras discovered -
June 2016
Always-on CCTVs with no effective security harnessed into massive, unstoppable botnet -
June 2016
Malware spawns botnet in 25,000 connected CCTV cameras -
June 2016
Thousands of hacked CCTV devices used in DDoS attacks -
June 2016
Sucuri spotted a large botnet of CCTV devices involved in DDoS attacks -
June 2016
Des milliers de caméras de surveillance piratées pour mener des attaques informatiques -
June 2016
Attackers Leveraged Large CCTV Botnet to Launch DDoS Attacks -
June 2016
Large botnet of CCTV devices knock the snot out of jewelry website -
June 2016
Over 25,000 IoT CCTV Cameras Used In DDoS Attack -
June 2016
The Morning Download: The internet of bad things. -
June 2016
Botnet Powered by 25,000 CCTV Devices Uncovered -
June 2016
IoT botnet: 25,513 CCTV cameras used in crushing DDoS attacks -
June 2016
Connected CCTV is your new botnet nightmare -
June 2016
Thousands of CCTV Devices Found DDoSing Small-Business Websites -
June 2016
25,000 malware-riddled CCTV cameras form network-crashing botnet -
June 2016
Over 100 DDoS botnets built using Linux malware for embedded devices -
June 2016
Crooked Cameras – New CCTV Botnet Drives Massive DDoS Attack -
June 2016
Web Hosting Temporary URLs Abused in Phishing Campaigns -
June 2016
Over 10,000 WordPress sites vulnerable to exploit -
June 2016
WordPress plug-in exploit threatens thousands of websites -
June 2016
WordPress Patches Zero Day in WP Mobile Detector Plugin -
June 2016
A new WordPress plug-in exploit endangers thousands of websites -
June 2016
Credit Card Stealer Goes After Stores Using the Braintree Magento Extension -
June 2016
The World’s Biggest Companies Use Outdated WordPress and Drupal Installations -
June 2016
Jetpack plug-in for WordPress vulnerable to XSS -
June 2016
WordPress Sites Under Attack From New Zero-Day in WP Mobile Detector Plugin -
June 2016
WordPress plugin with 10,000+ installations being exploited in the wild -
May 2016
Two-Year-Old Drupalgeddon Bug Still Popular Even Today -
May 2016
Stored XSS in Jetpack Plugin Puts over One Million WordPress Sites at Risk -
May 2016
Flaw in popular WordPress plug-in Jetpack puts over a million websites at risk -
May 2016
Most CMS-run websites have obsolete software and are vulnerable to attack -
May 2016
Flaw in popular WordPress plug-in Jetpack puts over a million websites at risk -
May 2016
Hackers Prefer File Upload, XSS, and SQLi Bugs When Attacking WordPress Sites -
May 2016
Most CMS-run websites have obsolete software and are vulnerable to attack -
May 2016
Pirated WordPress Plugin Leads to Hidden Malvertising, Black Hat SEO Spam -
May 2016
OpenCart, osCommerce Store Owners Should Watch Out for Credit Card Stealers -
May 2016
Famous Nulled.io Hacking Forum Suffers Devastating Data Breach -
May 2016
Two in Three Hacked Websites Hide a Backdoor -
May 2016
A Quarter of All Hacked WordPress Sites Can Be Attributed to Three Plugins -
May 2016
Info on 500K Users Doxxed in Hacking Forum Dump -
May 2016
ImageTragick Exploits Detected in Live Attacks Against vBulletin, IP.Board Sites -
May 2016
Attackers already pouncing on newly discovered ImageTragick vulnerability -
May 2016
Attackers are probing and exploiting the ImageTragick flaws -
May 2016
WordPress Hack Redirects Users Randomly -
May 2016
Exploits gone wild: Hackers target critical image-processing bug -
May 2016
WordPress 4.5.2 Released to Fix XSS and SOME Security Bugs -
May 2016
Attackers inject code into WordPress header file to redirect random users -
May 2016
Hacked WordPress Sites Target Random Users -
May 2016
ImageMagick vulnerability puts countless websites at risk of hacking via uploaded images -
May 2016
New Attack on WordPress Sites Redirects Traffic to Malicious URLs -
May 2016
Huge number of sites imperiled by critical image-processing vulnerability -
May 2016
Stored XSS Flaw Patched in bbPress WordPress Plugin -
May 2016
Unpatched Joomla possible entry point for Angler, Cryptxxx combo -
May 2016
Stored XSS Bug Affects All bbPress WordPress Forum Versions -
April 2016
Toymaker’s website pushes ransomware that holds visitors’ files hostage -
April 2016
CTB-Locker Ransomware Uses Bitcoin Blockchain to Store & Deliver Decryption Keys -
April 2016
Ransomware uses blockchains for decoder delivery -
April 2016
Ransomware authors use the bitcoin blockchain to deliver encryption keys -
April 2016
Major Programming Languages Fail to Detect Revoked TLS Certificate -
April 2016
Security Cameras Sold on Amazon Come Infected with Malware -
April 2016
TLS security ‘neglect’ exposes web users to man-in-the-middle attacks -
March 2016
PHP, Python and Google Go Fail to Detect Revoked TLS Certificates -
March 2016
Ontario hospital website may have infected visitors with ransomware, security firm says -
March 2016
Build It and They Will Come: 5 Reliable Tools to Help Build Winning Websites -
March 2016
Hacked Websites Used in Black Hat SEO Campaign Redirecting Users to Adult Sites -
March 2016
Popular WordPress Plugin Comes with a Backdoor, Steals Site Admin Credentials -
March 2016
How Linux Mint is preventing future hacks and increasing security -
February 2016
Elegant Themes WordPress Theme Author Fixes Dangerous Vulnerabilities -
February 2016
Joomla targeted in WordPress campaign that delivers TeslaCrypt -
February 2016
TeslaCrypt Ransomware Campaign Extends from WordPress to Joomla Sites -
February 2016
Hackers leverage 26,000 WordPress websites in massive DDoS attack -
February 2016
Joomla Sites Join WordPress As TeslaCrypt Ransomware Target -
February 2016
And as for actual WordPress pingbacks …. you should probably switch ’em off -
February 2016
Attackers Use Fake Patch to Hack Magento Sites -
February 2016
How Ironic: Attackers Employ Fake Magento Security Patch to Hijack Online Stores -
February 2016
Clean house to keep WordPress infection from coming back again and again -
February 2016
Mysterious spike in WordPress hacks silently delivers ransomware to visitors -
February 2016
Compromised WordPress Sites Hijacked Over and Over Again to Push Malware -
February 2016
Joomla Zero-Day Accounted for the Majority of Web Attacks in Q4 2015 -
January 2016
Some Black Hat SEO Campaigns Look like DDoS Attacks These Days -
January 2016
Bug in Magento puts millions of e-commerce sites at risk of takeover -
January 2016
Magento Update Addresses XSS, CSRF Vulnerabilities -
January 2016
Magento update fixes critical XSS flaws -
January 2016
Magento plugs ‘dangerous’ cross-scripting hole -
January 2016
Critical vulnerabilities patched in Magento e-commerce platform -
January 2016
XSS Bug in Magento Allows Attackers to Take Over Online Shops -
December 2015
Latest Joomla Vulnerability Targeted by Attackers 16,600 Times per Day -
December 2015
Joomla 0-Day Exploited In the Wild -
December 2015
Microsoft Corp updates trusted root certificate list: Security news IT leaders need to know -
December 2015
Joomla CMS exploit attacks begin again only four hours after patch -
December 2015
Hackers actively exploit critical vulnerability in sites running Joomla -
December 2015
Attacks Ramp Up Against Joomla Zero Day -
December 2015
Joomla! being hit with a zero day assault, despite patch -
December 2015
Patch now! Joomla attacked in remote code execution blitzkrieg -
December 2015
Joomla patches critical remote execution bug -
December 2015
Joomla 3.4.6 Fixes Zero-Day Remote Execution Bug Used in the Wild -
December 2015
DDoS attack is launched from 162,000 WordPress sites -
December 2015
DDoS attacks increase in number, endanger small organizations -
November 2015
Googlebot May Accidentally DDoS Your Spam-Infected Website -
November 2015
Hackers Cleverly Hide Backdoor Inside the EXIF Data of a Joomla CMS Logo -
October 2015
Webmasters have only hours to deploy patches, Joomla incident shows -
October 2015
Joomla Flaw Exploited in the Wild Within Hours of Disclosure -
October 2015
Attackers Targeting Unpatched Joomla Sites Through SQL Injection Vulnerability -
October 2015
Joomla SQL Injection Flaw Used in Attacks 4 Hours After Disclosure -
October 2015
Stored XSS bug in popular Akismet plugin puts WordPress sites at risk -
October 2015
WordPress Fixes Critical Stored XSS Error in Akismet -
October 2015
WordPress XML-RPC Service Used to Amplify Brute-Force Attacks -
September 2015
Thousands of e-commerce Magento websites struck with Guruncsite malware -
October 2015
Magento sites targeted by Neutrino exploit kit -
October 2015
Stored XSS in Jetpack Plugin Allows Attackers to Run Code in the WordPress Backend -
September 2015
Active WordPress malware campaign compromises thousands of websites -
September 2015
A spike in new WordPress malware detected -
September 2015
Stored XSS vulnerability identified in Jetpack plugin for WordPress -
September 2015
WordPress Jetpack Plugin Patched Against Stored XSS Vulnerability -
September 2015
Stored XSS in Jetpack Plugin Allows Attackers to Run Code in the WordPress Backend -
September 2015
Another WordPress exploit hits thousands of sites -
September 2015
Compromised WordPress sites redirect visitors to Nuclear Exploit Kit -
September 2015
Website hackers hijack Google webmaster tools to prolong infections -
September 2015
WordPress Brute Force Attacks are at An All-Time High -
September 2015
Monitor Worldwide Brute Force Attacks on WordPress Sites with Sucuri’s Latest Tool -
September 2015
Website hackers hijack Google webmaster tools to prolong infections -
September 2015
A spike in new WordPress malware detected -
September 2015
Active malware campaign uses thousands of WordPress sites to infect visitors -
September 2015
Beware of “New Owner” Google Search Console Verifications -
August 2015
A huge DNS exploit could take down chunks of the internet -
August 2015
Exploits start against flaw that could hamstring huge swaths of Internet -
August 2015
DNS server attacks begin using BIND software flaw -
June 2015
Blackhats using mystery Magento card stealers -
June 2015
Magento e-commerce platform targeted with sneaky code -
June 2015
Bug identified in WooCommerce plugin for WordPress websites -
June 2015
SweetCAPTCHA users complain of advertising pop-ups -
May 2015
WordPress malware: Don’t let too-good-to-be-true deals infest your site -
May 2015
Attackers target new XSS in millions of WordPress sites -
May 2015
Vulnerabilities Identified in Two WordPress Plugins -
May 2015
Millions of WordPress websites vulnerable to XSS bug -
May 2015
WordPress Security Flaw -
May 2015
Attackers exploit vulnerabilities in two WordPress plugins. -
May 2015
Millions of WordPress Websites Susceptible of Hijack Attacks. -
May 2015
Actively exploited WordPress bug puts millions of sites at risk. -
May 2015
Attackers exploit vulnerabilities in two WordPress plugins. -
April 2015
Magento flaw immediately exploited. -
April 2015
The persistent cross-site scripting bug allows attackers to insert malicious code into WordPress-published pages that use the extension, according to a blog post published Tuesday by security firm Sucuri. -
April 2015
Critical Magento Vulnerability Details Disclosed, Exploited in the Wild. -
April 2015
Multiple WordPress plugins vulnerable to cross-site scripting. -
April 2015
The attacks so far appeared aimed at just first creating a fake administrator user in a Magento database, wrote David Cid, CTO and founder of Sucuri. -
April 2015
Poor WordPress documentation trips developers, yields plug-ins with XSS flaw. -
April 2015
The code is leveraging SQL injection (SQLi) and inserting a new admin_user to the database,” Sucuri CTO Daniel Cid wrote. -
April 2015
“Web security group Sucuri named two plugins that were being exploited by those brandishing the ISIS flag: RevSlider and GravityForms. Users can protect themselves by simply updating those plugins. -
April 2015
FBI warns of WordPress defacements as new plugin vulnerability is found. -
April 2015
Threatened Unpatched WordPress sites from ISIS: FBI. -
April 2015
FBI to WordPress users: patch now before ISIL defaces you. -
April 2015
Analysts with Sucuri Security wrote on Thursday they’ve seen indications that attackers using two Russia-based IP addresses are trying to exploit unpatched Magento applications. -
April 2015
Persistent XSS Vulnerability Plagues WordPress Plugin. -
April 2015
Last year web security firm Sucuri exposed a massive campaign of WordPress compromises dubbed “SoakSoak” which allowed people without administrative privilege modify accounts. -
April 2015
Fake Pirate Bay site pushes banking Trojan to WordPress users. -
March 2015
“I think that the challenge for the security of the platform has always been the end user, the plugins and the themes. The combination of those, if improperly maintained, leaves the site vulnerable,” Tony Perez, CEO of Website security firm Sucuri. -
March 2015
Lack of WordPress User Education Affecting Security Posture. -
March 2015
Exploit kits linked to thousands of WordPress sites. -
February 2015
Versions prior to the recently released Slimstat 3.9.6 contain a readily guessable key that’s used to sign data sent to and from visiting end-user computers, according to a blog post published Tuesday by Web security firm Sucuri. -
February 2015
Critical bug puts millions of WordPress sites in danger. -
February 2015
Over 1 million WordPress websites at risk from SQL injection. -
February 2015
That sensitive information can include usernames, password hashes, and, in certain configurations, WordPress secret keys that if exposed, can lead to a total takeover of the affected sites. -
February 2015
Thousands of WordPress sites affected by zero-day exploit. -
January 2015
“We also have good reasons to believe PHP applications might also be affected, through its gethostbyname() function wrapper,” Sucuri Senior Vulnerability Researcher Marc-Alexandre Montpas wrote -
January 2015
Google Adwords Campaigns Hijacked By Malvertisers. -
January 2015
The malicious ads were delivered to website owners signed up with Google’s AdSense program, wrote Denis Sinegubko, a senior malware researcher with Sucuri. -
January 2015
Website security research firm Sucuri said Wednesday that they have good reasons to believe the flaw can also be exploited through Web applications written in PHP. -
January 2015
Hackers hit Google AdWords and Adsense networks. -
January 2015
Google AdSense malvert spoofing legitimate magazines. -
January 2015
The malicious ads were delivered to website owners signed up with Google’s AdSense program, wrote Denis Sinegubko, a senior malware researcher with Sucuri. -
December 2014
WordPress symposium plugin-in plagued by file upload vulnerability. -
December 2014
Researchers at Sucuri discovered the vulnerability and a fixed version of the WP Download Manager plugin was released earlier this week. -
December 2014
Sucuri, a company providing services for protecting website integrity, detected the vulnerability and said that all versions of the InfiniteWP client earlier than 1.3.8 could be abused this way. -
December 2014
Over 1 million WordPress websites at risk from SQL injection. -
July 2014
Unmanaged WordPress not usually worth the risk or trouble. -
April 2014
Heartbleed: Most of the Web’s top sites now immune to bug, firm says -
April 2014
The Heartbleed Bug Is Mostly Fixed, but Not Entirely -
March 2014
DDoS attack is launched from 162,000 WordPress sites -
March 2014
Attackers trick 162,000 WordPress sites into launching DDoS attack -
March 2014
WordPress DDoS Visibility From OpenDNS -
July 2013
Attackers embedding backdoors into image files -
May 2013
Über stealthy malware infects Apache webservers -
February 2013
NBC.Com Back Online After Hackers Knocks Out Service -
February 2013
NBC hack infects visitors in ‘drive by’ cyberattack -
February 2013
NBC Web site back up after hack attack -
January 2013
Web Server Hackers Install Rogue Apache Modules and SSH Backdoors, Researchers Say -
October 2012
Unprotected Apache server status pages put popular websites at risk -
July 2012
Yahoo password hack draws frustration, jokes -
July 2012
Yahoo Breach Extends Beyond Yahoo to Gmail, Hotmail, AOL Users -
July 2012
Give Your Passwords a Security Check-up -
July 2012
Yahoo Password Breach Includes Gmail, Hotmail and AOL Users -
July 2012
Yahoo Password Check: Has Your Email Account Been Compromised? -
July 2012
How to Check If Your Email Password Was One of 453,000 Leaked This Morning -
July 2012
Yahoo Confirms Apologizes for The Email Hack Says Still Fixing Plus Check If You Were Impacted Non-Yahoo Accounts Apply -
May 2012
PHP Patches Actively Exploited CGI Vulnerability -
March 2012
WordPress Blogs Infected Distribute Rogue Antivirus -
February 2012
How To Tell If A Link Is Safe Without Clicking On It -
June 2011
How to Fend Off a New Kind of Cyber Attack -
December 2010
Hackers Embed Spam Into Google Search Listings For Unsuspecting Sites -
December 2010
Sucuri – An Alarm and Recovery System for Your Website -
November 2010
Try This: Sucuri. Virus, Malware and DNS protection for your website -
April 2010
WordPress Users Report Hacked Blogs