DollyWay Malware Campaign: The Eight-Year Evolution of a WordPress Threat
A sophisticated malware operation called DollyWay has compromised over 20,000 WordPress sites since 2016, redirecting millions of visitors to fraudulent pages. The campaign's third iteration employs advanced techniques like cryptographic signing and multiple injection methods to maintain persistence.
WordPress Faces Class Action Lawsuit Over Update Access Dispute
A class action lawsuit against Automattic and founder Matt Mullenweg has escalated tensions with web host WP Engine over blocked WordPress updates. The case, which affects hundreds of thousands of websites, questions Automattic's control over the WordPress ecosystem and could have far-reaching implications for open-source software.
Hackers Turn the Tables: 390,000 WordPress Credentials Stolen in Supply Chain Attack
A sophisticated hacking group dubbed MUT-1244 executed a year-long campaign targeting cybercriminals and researchers through trojanized software tools. The attackers successfully stole over 390,000 WordPress credentials along with other sensitive data using deceptive GitHub repositories and infected npm packages.
Critical Vulnerabilities in WordPress Anti-Spam Plugin Put 200,000 Sites at Risk
Two severe security flaws discovered in the Anti-Spam by CleanTalk WordPress plugin could allow attackers to gain unauthorized control of over 200,000 websites. The developer has released patches while security researchers implement protective measures for affected installations.
Critical WordPress Security Plugin Flaw Exposes Millions of Sites to Admin Takeover
A severe vulnerability in a widely-used WordPress security plugin puts millions of websites at risk of complete administrative compromise. Site owners are urged to immediately update their plugins and audit admin accounts as researchers warn of potential unauthorized access and data exposure.