A critical security vulnerability in the popular "Alone" WordPress theme has been actively exploited by cybercriminals to gain complete control of vulnerable websites.
The vulnerability, which affects a theme with over 9,000 sales, allows unauthenticated attackers to upload malicious files and execute remote...
A critical security vulnerability has been discovered in the popular SureForms WordPress plugin, putting over 200,000 active installations at risk of complete website takeover.
The flaw, designated CVE-2025-6691 with a high CVSS rating of 8.8, allows unauthenticated attackers to delete arbitrary files from affected...
Cybersecurity researchers at Cybereason's Global Security Operations Center (GSOC) have identified a sophisticated campaign in which threat actors exploit compromised WordPress websites to distribute malicious versions of the legitimate NetSupport Manager Remote Access Tool (RAT).
The attack, detected in May 2025, employs a multi-stage...
A sophisticated malware campaign targeting WordPress websites through fake plugins that cleverly disguise themselves using the victim's own domain name.
This deceptive tactic allows the malicious software to evade detection while injecting SEO spam content designed to manipulate search engine rankings, particularly targeting Cialis-related...
A severe security vulnerability discovered in the popular Forminator WordPress plugin has left over 600,000 websites vulnerable to complete takeover by unauthenticated attackers.
The vulnerability, designated CVE-2025-6463 with a critical CVSS rating of 8.8, allows malicious actors to delete arbitrary files from affected servers,...
A recent investigation by the Wordfence Threat Intelligence Team has revealed a sophisticated and adaptable malware family affecting WordPress and WooCommerce sites.
Active since at least September 2023, this attack demonstrates a new level of technical cunning, leveraging both front-end JavaScript skimmers and rogue...