Gootloader malware resurfaced in late October 2025 after a nine-month hiatus, used to stage ransomware attacks Delivered via malicious JavaScript hidden in custom web fonts, enabling stealthy remote ...

A new threat actor is targeting flawed WordPress sites using a new malware spreading technique. Credit: Filip Radwanski/SOPA Images/LightRocket via Getty Images WordPress is one of the most popular ...

Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites. "Site ...

WordPress sites have long been frequent targets for cybercriminals, and recent campaigns show the wave of threats has yet to ebb. In recent weeks, different organizations have flagged malicious ...

I am not a morning person, yet my alarm goes off at 5:30 am every day. This is because the editorial team I work with is on the East Coast, and I'm in Oregon. I do a quick check of email and Slack to ...

Wordfence researchers uncover a new piece of WordPress malware Threat actors used AI to create legitimate-looking tools The malware pretends to be an anti-malware product Security researchers have ...

A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. According to Wordfence researchers, the malware ...

The humble robots.txt file often sits quietly in the background of a WordPress site, but the default is somewhat basic out of the box and, of course, doesn’t contribute towards any customized ...

Elementor Editor is the world’s most popular WordPress page builder plugin. It currently has a market share of 17% and is used by 12% of all websites. It simplifies website creation using four core ...

Sucuri has discovered multiple malware families deployed in the WordPress mu-plugins directory to evade routine security checks. Malicious hackers have been caught hiding their WordPress malware in ...

Threat actors have taken a campaign that uses fake browser updates to spread malware to a new level, weaponizing scores of WordPress plug-ins to deliver malicious infostealing payloads, after using ...