Vulnerability so simple, anyone could use it. Security researchers have discovered a flaw in open source CMS WordPress that would allow a hacker to take down a website through a DoS attack with a single machine.
Thousands of WordPress websites have been infected with particularly nasty malware, according to researchers.
Hackers have deployed brute force attacks on WordPress websites in order to turn them into cryptocurrency miners. Single botnet thought to be behind massive attack that yielded almost £750,000 for criminals.
Attackers exploited an old WordPress vulnerability to infect more than one thousand websites with malware capable of injecting malvertising and even creating a rogue admin user with full access privileges, according to researchers.
Lack of key security allows criminals keys to the kingdom after scanning 25,000 systems per day to find unsecured SSH private keys.
Critical zero-day vulnerabilities in three popular WordPress plug-ins could allow attackers to completely take over a vulnerable site.
WordPress.org released version 4.8.2 of its content management system that fixes nine security issues, five of which involve cross-site scripting (XSS) vulnerabilities.
Ransomware actors are looking for new targets. According to security vendor Wordfence, that target appears to be WordPress-powered websites.
Dubbed Sathurbot, the Trojan is disguised in a software torrent containing an apparent installer executable and a small text file.
More than 100,000 WordPress web pages have been defaced, following last week's public disclosure of a patched vulnerability that allows attackers to remotely modify the content of pages and posts.
As WordPress plugin developer Wordfence raises concerns about security, Davey Winder asks if there isn't a bigger problem with the continued use of MD5 hashing.
Paul Bischoff, security and privacy advocate for Comparitech.com, is warning website owners who use the Simple Share Buttons plugin for WordPress that clicking to "accept" the terms and conditions of the latest update could allow their websites to subject users to threats.
Bloggers using the WordPress platform are "strongly encouraged" to update their sites immediately to address persistent XSS issues.
As the Pwnage summer heat rages on, hackers find 64 holes in popular publishing platform WordPress.
Researchers are warning WordPress website administrators of a malware attack, whereby adversaries inject code into the header.php file of a site's current WordPress theme, in order to redirect visitors to malicious domains.
WordPress has turned on HTTPS encryption for every custom domain hosted on WordPress.com. The publishing platform started working with the certificate authority Let's Encrypt to launch a beta rollout of HTTPS earlier this year.
The cyber gang behind the ongoing WordPress malvertising campaign is now targeting Joomla sites.
In this week's In Case You Missed It, we recap the most popular stories of the week including NHS digital transformation cash, serious flaw found in Avast secure browser, fake survey is hooking Amazon users, more WordPress malware and businesses suffering theft of intellectual property.
Malware keeps re-infecting sites and installing multiple backdoors in WordPress websites, according to a researcher from Sucuri Security.
A report has surfaced on the GitHub code repository showing a rough proof of concept of a brute-force attack currently possible on popular blogging platform WordPress.
Researcher notes big increase in malicious scripts injected into legitimate websites using Neutrino exploit.
Neutrino Exploit Kit has been observed targeting CVE-2015-5119, an Adobe Flash Player zero-day vulnerability.
WordPress 4.2.3 was made available on Thursday - the update comes with fixes for a number of bugs, including a potentially dangerous cross-site scripting (XSS) vulnerability.
The latest ICYMI column looks at the latest WordPress XSS flaw, costly data breaches and the return of the controversial "Snooper's Charter".
The Glasgow Contemporary Choir and the Blissfields music festival near Winchester are among the innocent victims of what's being described as a 'unique' attack on WordPress-powered websites.
A flaw has been found in the Genericons WordPress package that creates vulnerabilities in any plug-in or theme which uses it.