Global WordPress Malware Campaign 'DollyWay' Infects Over 20,000 Sites
A sophisticated malware operation dubbed 'DollyWay' has compromised more than 20,000 WordPress websites since 2016, redirecting visitors to fraudulent sites. The persistent campaign generates millions of monthly impressions through an advanced traffic direction system while expertly evading detection.
WordPress Access Battle Sparks Class Action Lawsuit Against Automattic
A class action lawsuit challenges Automattic's decision to block WP Engine from accessing WordPress updates and resources, affecting thousands of websites. The case could set precedents for open-source software control and trademark enforcement while testing WordPress's commitment to remaining freely accessible.
New WordPress Credit Card Skimmer Hides in Database to Steal Payment Data
Cybersecurity researchers have discovered a sophisticated credit card skimming campaign targeting WordPress e-commerce sites by injecting malicious code into database tables. The stealthy malware evades detection while capturing payment information through fake forms and encrypted exfiltration methods.
WordPress in Crisis: Co-Creator Deactivates High-Profile Community Contributors
WordPress co-creator Matt Mullenweg has sparked controversy by deactivating several prominent community members' accounts amid governance disputes. The move follows tensions with major players like Yoast SEO creator and WP Engine, raising questions about leadership and community contribution in the popular CMS.
Malicious PhishWP Plugin Targets WordPress E-commerce Payment Data Through Fake Checkouts
A sophisticated WordPress plugin called PhishWP has emerged on Russian cybercrime forums, creating deceptive payment gateways to steal customer payment data through fake checkout pages. The malware includes advanced features like OTP functionality and real-time data transmission via Telegram, highlighting growing e-commerce security threats.
Critical Security Flaw in Popular WordPress Backup Plugin Threatens Millions of Sites
A severe vulnerability discovered in UpdraftPlus WordPress plugin puts over 3 million websites at risk of code execution attacks. The high-severity flaw affects all versions up to 1.24.11 and requires immediate updating to the patched version.