New WordPress Credit Card Skimmer Hides in Database to Steal Payment Data
Cybersecurity researchers have discovered a sophisticated credit card skimming campaign targeting WordPress e-commerce sites by injecting malicious code into database tables. The stealthy malware evades detection while capturing payment information through fake forms and encrypted exfiltration methods.
WordPress in Crisis: Co-Creator Deactivates High-Profile Community Contributors
WordPress co-creator Matt Mullenweg has sparked controversy by deactivating several prominent community members' accounts amid governance disputes. The move follows tensions with major players like Yoast SEO creator and WP Engine, raising questions about leadership and community contribution in the popular CMS.
Malicious PhishWP Plugin Targets WordPress E-commerce Payment Data Through Fake Checkouts
A sophisticated WordPress plugin called PhishWP has emerged on Russian cybercrime forums, creating deceptive payment gateways to steal customer payment data through fake checkout pages. The malware includes advanced features like OTP functionality and real-time data transmission via Telegram, highlighting growing e-commerce security threats.
Critical Security Flaw in Popular WordPress Backup Plugin Threatens Millions of Sites
A severe vulnerability discovered in UpdraftPlus WordPress plugin puts over 3 million websites at risk of code execution attacks. The high-severity flaw affects all versions up to 1.24.11 and requires immediate updating to the patched version.