Wordfence Research and News

PSA: Intentionally Leaving Backdoors in Your Code Can Lead to Fines and Jail Time

In the cybersecurity field, we talk a lot about threat actors and vulnerable code, but what doesn’t get discussed enough is intentional vulnerabilities and becoming your own threat actor. Even when making decisions with the best of intentions, it is possible to work against your own best interests. One area we see this in comes …

The WordPress Ecosystem is Becoming More Secure with Responsible Disclosure Becoming More Common

The Wordfence 2022 State of WordPress Security Report was released on January 24th, 2023. One area that we reviewed in this report was the vulnerabilities disclosed in 2022. Keeping in mind that some vulnerabilities affected multiple plugins, themes, and WordPress core, a total of 2,370 vulnerabilities were reported in 2022. The top five vulnerability categories …

PSA: Your Site Isn’t Hacked By This Bitcoin Scam, Keep the Money

On January 19th, 2023, a member of the Wordfence Threat Intelligence team received an email from their personal blog, claiming the site had been hacked, and we received two reports from Wordfence users who received the same message. The email claimed that the site had been hacked due to a vulnerability on the site. The …

Holiday Attack Spikes Target Ancient Vulnerabilities and Hidden Webshells

Winter brings a number of holidays in a short period of time, and many organizations shut down or run a skeleton crew for a week or more at the end of the year and beginning of the new year. This makes it easier for would-be attackers to find success as systems are not as closely …

Exploiting WordPress Plugin Vulnerabilities to Steal AWS Metadata

In an ideal world, vulnerabilities would not exist. A request would be sent to a server, properly validated, and only the intended information would be provided by the server. Of course, this is not a perfect world, and vulnerabilities can be introduced unintentionally, or even found due to previously unknown weaknesses within the programming language. …

Spikes in Attacks Serve as a Reminder to Update Plugins

The Wordfence Threat Intelligence team continually monitors trends in the attack data we collect. Occasionally an unusual trend will arise from this data, and we have spotted one such trend standing out over the Thanksgiving holiday in the U.S. and the first weekend in December. Attack attempts have spiked for vulnerabilities in two plugins. The …

Configuration Probing: Your Backups Might Be Your Greatest Weakness

Configuration files exist to make life easier for developers and website operators. In a world without configuration files, every instance of code that depended on a database connection could potentially require the connection details to be hard coded or manually entered. Other reusable data would be defined multiple times, causing code bloat and possible performance …

Not Just for the Government: Using the NIST Framework to Secure WordPress

When setting up a WordPress website, it is easy to focus on the look and feel of the website, while overlooking the important aspect of security. This makes sense, because the security of a website is largely invisible until something goes wrong. Installing a cybersecurity plugin like Wordfence significantly reduces the chances of a successful …

What Does The Fox Hack? Breaking Down the Anonymous Fox F-Automatical Script

While performing routine security research, one of our threat analysts discovered the latest version of a Command and Control (C2) script, which is referred to as F-Automatical within the script’s code and was commonly known as FoxAuto in older versions. This is the seventh version of this automatic C2 script that is developed and distributed …

Two Weeks of Monitoring ProxyNotShell (CVE-2022-41040 & CVE-2022-41082) Threat Activity

The Wordfence Threat Intelligence team has been monitoring exploit attempts targeting two zero-day vulnerabilities in Microsoft Exchange Server tracked as CVE-2022-41040 and CVE-2022-41082, collectively known as ProxyNotShell. These vulnerabilities are actively being exploited in the wild. At the time of writing, we have observed 1,658,281 exploit attempts across our network of 4 million protected websites. …