Two high severity vulnerabilities found in the Page Builder WordPress plugin installed on more than 1,000,000 sites can let hackers create new admin accounts, plant backdoors, and ultimately take over the compromised websites.
Jetpack received another security update to address an issue found during an internal audit of the Contact Form block in December 2018, and a critical security update patching a vulnerability in the way some Jetpack shortcodes were processed in May 2016.
Malicious plugins for WordPress websites are being used not just to maintain access on the compromised server but also to mine for cryptocurrency.
Scammers pushing snake oil products compromised hundreds of GoDaddy accounts and used 15,000 subdomains to redirect to spam pages, some of which tried to impersonate popular websites.
Despite widespread attention since January, the ‘Sea Turtle’ Campaign Focuses on DNS Hijacking to Compromise Targets and shows no signs of abating.
The world’s most popular web server, Apache HTTP Server, had a critical vulnerability that could give an attacker a way to gain ‘root’ control on systems.