A critical vulnerability has been unearthed in the ubiquitous WordPress plugin Modular DS, which is currently being actively exploited in the wild by threat actors. This alarming discovery was disclosed by security firm Patchstack....
Researchers from Howler Cell have detailed an underground marketplace for compromised websites operated by students and freelancers across Asia. At the center of their latest report is a cybersecurity student from Bangladesh who aspires...
A widespread exploitation campaign has descended upon WordPress sites: attackers are targeting installations that use the GutenKit and Hunk Companion plugins, which harbor critical flaws permitting arbitrary code execution on vulnerable servers. Wordfence, a...
A critical vulnerability has been discovered in the popular WordPress theme Service Finder, allowing attackers to gain unauthorized access to any account on affected websites — including administrative ones. The issue stems from the...
For more than a decade, the Vane Viper network has remained one of the largest clandestine players in the sphere of malicious online advertising. The latest report from Infoblox, prepared in collaboration with Guardio...
Operators of the SystemBC botnet have assembled a global fabric built on compromised commercial virtual servers, sustaining roughly 1,500 active nodes each day. These machines have been repurposed into an infrastructure for relaying malicious...
Researchers at Wordfence Threat Intelligence have uncovered a large-scale campaign involving the use of so-called “nulled plugins”—pirated copies of premium WordPress extensions that have been tampered with by third parties. These counterfeit packages have...
In August of this year, specialists from Israel’s National Digital Agency uncovered a large-scale campaign known as ShadowCaptcha, designed to compromise users through more than a hundred hacked WordPress websites. These sites had been...
A large-scale campaign compromising WordPress websites has been uncovered, tied to the evolution of the Help TDS system and the malicious plugin woocommerce_inputs. According to research from GoDaddy Security, between late 2024 and June...
A critical vulnerability has been discovered in the widely used WordPress theme “Alone — Charity Multipurpose Non-profit”, which is already being exploited by malicious actors to compromise websites. Tracked as CVE-2025-5394, the flaw has...