website security – Threat Note

From The Hacker News – How SSL Misconfigurations Impact Your Attack Surface

When assessing an organization’s external attack surface, encryption-related issues (especially SSL misconfigurations) receive special attention. Why? Their widespread use, configuration complexity, and visibility to attackers as well as users make them more likely to be exploited. This highlights how important your SSL configurations are in maintaining your web application security and

shaikh Saqib April 2, 2025

Articles

From Graham Cluley – Hackers exploit little-known WordPress MU-plugins feature to hide malware

A new security issue is putting WordPress-powered websites at risk. Hackers are abusing the “Must-Use” plugins (MU-plugins) feature to hide malicious code and maintain long-term access on hacked websites. Read…

Samir K April 1, 2025

Articles

From Schneier on Security – AI Data Poisoning

Cloudflare has a new feature—available to free users as well—that uses AI to generate random pages to feed to AI web crawlers: Instead of simply blocking bots, Cloudflare’s new system…

Samir K March 26, 2025

News

From Security Week – 8,000 New WordPress Vulnerabilities Reported in 2024

[[{"value":"Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes. The post 8,000 New WordPress Vulnerabilities Reported in 2024 appeared first on…

shaikh Saqib March 17, 2025

News

From Cyber Security News – 35,000+ Websites Hacked To Inject Malicious Scripts Redirecting Users To Chinese Websites

A massive cybersecurity breach has compromised over 35,000 websites, injecting malicious scripts that completely hijack users’ browser windows and redirect them to Chinese-language gambling platforms. The attack, identified on February…

shaikh Saqib March 3, 2025

News

From Security Week – Sites of Major Orgs Abused in Spam Campaign Exploiting Virtual Tour Software Flaw

[[{"value":"The websites of dozens of major private and government organizations have been abused in a massive spam campaign that involves exploitation of a vulnerability affecting widely used virtual tour software.…

shaikh Saqib February 27, 2025

News

From The Hacker News – Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites

A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale. Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign – dubbed 360XSS – affected over 350 websites,

shaikh Saqib February 26, 2025

News

From The Hacker News – Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers

Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to a malware that's capable of stealing sensitive payment information from online shopping sites. The attacks are known to

shaikh Saqib February 18, 2025