TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

By rooter

An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites.

When a site administrator was logged in as the file loaded, the code created an admin account under the attacker’s control and installed a hidden plugin that opened a way back in. Ordinary visitors did not trigger it

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

How to Proactively Overcome the Client Questionnaire Burden

rooter
Cyber Security

âš¡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

rooter
Cyber Security

Could GPU-Accelerated EDR Improve The Future Of Endpoint Detection?

rooter

Leave a Reply

You Missed

News

Russia appears set to finally address long-term, serious space station cracks

News

âš¡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

News

My favorite Qi2 power bank is cheaper than ever for Verge readers

News

The Murdoch Family’s Fox Is Taking Over Roku