Credit Card Skimmer and Backdoor on WordPress E-commerce Site Sucuri发现一起针对WordPress电商网站的复杂恶意软件攻击事件。该恶意软件包含信用卡窃取器、隐藏后门文件管理器及侦察脚本三部分。攻击者通过隐蔽手段窃取用户支付信息并长期控制服务器。Sucuri已采取措施封堵相关IP和域名，并建议加强网站安全防护。... 2025-3-14 22:31:59 | 阅读: 37 | 收藏 | Over Security - Cybersecurity news aggregator - blog.sucuri.net security wordpress attackers sucuri malicious

Cascading Redirects: Unmasking a Multi-Site JavaScript Malware Campaign During a recent website security investigation, we uncovered a malicious JavaScript injection af... 2025-3-6 21:35:12 | 阅读: 11 | 收藏 | Sucuri Blog - blog.sucuri.net malicious security wordpress attackers redirected

Vulnerability & Patch Roundup — February 2025 文章列举了多个WordPress插件的安全漏洞及其修复方法，并建议使用Sucuri Firewall等工具来保护网站免受攻击。... 2025-3-1 01:39:15 | 阅读: 195 | 收藏 | Sucuri Blog - blog.sucuri.net software elementor security

Fake WordPress Plugin Impacts SEO by Injecting Casino Spam 攻击者通过伪装成无害的WordPress插件注入恶意软件，隐藏插件并利用混淆技术逃避检测。恶意插件从远程URL获取链接并将其注入网站footer中，用于垃圾信息传播和SEO优化。定期检查插件、更新软件和使用防火墙可帮助防范此类攻击。... 2025-2-26 21:57:1 | 阅读: 12 | 收藏 | Sucuri Blog - blog.sucuri.net malicious wordpress attackers footer spammy

WordPress ClickFix Malware Causes Google Warnings and Infected Computers 一种新的仿冒Google reCAPTCHA的恶意软件正在WordPress网站中传播。该恶意软件伪装成正常的人机验证提示，诱导用户执行恶意Powershell命令以感染计算机。攻击者利用区块链网络分发代码，并通过伪装成合法插件或注入主题文件的方式入侵网站。用户应避免执行未知来源的系统命令，并保持软件更新以防范此类威胁。... 2025-2-21 20:17:57 | 阅读: 22 | 收藏 | Sucuri Blog - blog.sucuri.net wp malicious wordpress windows attackers

When Spam Hides In Plain Sight 这篇文章描述了一个赌场垃圾信息注入WordPress网站的案例，攻击者通过隐藏在页面构建器的代码块中规避检测。作者通过检查数据库和文件未果后，最终在Fusion Builder插件的编辑器中发现了隐藏的垃圾信息。文章还强调了攻击者利用此类方法绕过安全扫描并传播恶意内容的风险，并提供了预防措施以帮助网站所有者保护其站点安全。... 2025-2-19 23:31:15 | 阅读: 12 | 收藏 | Over Security - Cybersecurity news aggregator - blog.sucuri.net database wordpress matt security malicious

Hidden Backdoors Uncovered in WordPress Malware Investigation Sucuri发现WordPress网站被恶意软件入侵，攻击者利用mu-plugins目录隐藏后门文件。恶意代码通过base64编码和AES加密执行远程命令，窃取数据并控制服务器。建议删除可疑文件、扫描网站并防止上传目录执行PHP脚本以应对威胁。... 2025-2-14 21:26:56 | 阅读: 18 | 收藏 | Sucuri Blog - blog.sucuri.net php wp attackers malicious mu

Magento Credit Card Stealer Disguised in an img Tag 这篇文章介绍了 MageCart 恶意软件如何通过隐藏在 `<img>` 标签中的 Base64 编码脚本窃取信用卡信息。该恶意软件在结账页面加载时触发，收集用户输入的信用卡数据并发送到远程服务器。文章强调了此类攻击的隐蔽性和复杂性，并提供了防护建议，如定期更新软件、使用防火墙和启用双重认证等。... 2025-2-12 23:17:2 | 阅读: 14 | 收藏 | Over Security - Cybersecurity news aggregator - blog.sucuri.net malicious magento security undetected software

Google Tag Manager Skimmer Steals Credit Card Info From Magento Site 这篇文章讲述了Sucuri发现一起通过Google Tag Manager（GTM）传播的恶意软件攻击事件。攻击者利用GTM脚本加载恶意代码，窃取Magento电商平台的信用卡数据。Sucuri通过深入调查发现了恶意代码，并清理了感染源和后门。文章提醒网站管理员警惕可疑脚本，并建议定期检查网站安全以防止类似攻击。... 2025-2-6 22:25:25 | 阅读: 42 | 收藏 | Sucuri Blog - blog.sucuri.net gtm malicious magento attackers security

Vulnerability & Patch Roundup — January 2025 Vulnerability reports and responsible disclosures are essential for website security awareness and e... 2025-1-31 22:57:19 | 阅读: 410 | 收藏 | Sucuri Blog - blog.sucuri.net software security contributor

Sucuri WAF Now Supports HTTP/3: A Faster and More Secure Web Experience read file error: read notes: is a directory... 2025-1-28 20:39:44 | 阅读: 30 | 收藏 | Sucuri Blog - blog.sucuri.net visitors security sucuri ensuring kyle

Malware Redirects WordPress Traffic to Harmful Sites read file error: read notes: is a directory... 2025-1-24 02:1:33 | 阅读: 29 | 收藏 | Over Security - Cybersecurity news aggregator - blog.sucuri.net malicious attackers security php wordpress

Backdoors: The Hidden Threat Lurking in Your Website read file error: read notes: is a directory... 2025-1-17 23:1:21 | 阅读: 13 | 收藏 | Over Security - Cybersecurity news aggregator - blog.sucuri.net backdoors attackers sucuri threats security

Japanese Spam on a Cleaned WordPress Site: The Hidden Sitemap Problem read file error: read notes: is a directory... 2025-1-15 23:14:3 | 阅读: 19 | 收藏 | Sucuri Blog - blog.sucuri.net sitemap gsc malicious indexed japanese

Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection read file error: read notes: is a directory... 2025-1-9 21:34:51 | 阅读: 9 | 收藏 | Sucuri Blog - blog.sucuri.net wordpress 0x5ab8c6 malicious security

Vulnerability & Patch Roundup — December 2024 read file error: read notes: is a directory... 2025-1-7 23:54:1 | 阅读: 102 | 收藏 | Sucuri Blog - blog.sucuri.net software security elementor

Vulnerability & Patch Roundup — November 2024 Vulnerability reports and responsible disclosures are essential for website security awareness and e... 2024-12-20 23:16:11 | 阅读: 60 | 收藏 | Over Security - Cybersecurity news aggregator - blog.sucuri.net software security elementor

Malicious Script Injection on WordPress Sites read file error: read notes: is a directory... 2024-12-6 05:48:26 | 阅读: 24 | 收藏 | Sucuri Blog - blog.sucuri.net security wordpress php publicwww malicious

Credit Card Skimmer Malware Targeting Magento Checkout Pages read file error: read notes: is a directory... 2024-11-27 08:21:25 | 阅读: 25 | 收藏 | Sucuri Blog - blog.sucuri.net magento security malicious remote ecommerce

Simple Include Statement Hides Casino Spam read file error: read notes: is a directory... 2024-11-15 06:35:33 | 阅读: 31 | 收藏 | Sucuri Blog - blog.sucuri.net wordpress casino malicious doorway bots