WooCommerce Attack: Diverted Payments to Unauthorized Stripe Account through JS skimmer
Recently, we investigated a case where a customer completed a payment using a WooCommerce checkout link created directly by the site owner. […]
Author: Adrian Stoian
What’s This File? — wp_filemanager.php
Recently, after checking the web server logs, I have noticed several attacks targeting wp_filemanager.php, more specifically the following location: /wp-content/plugins/hellopress/wp_filemanager.php. If you […]
What’s This File? — wp-plain.php
If your website contains the wp-plain.php file in the root folder, it is most likely infected with malware. It is strongly recommended […]
What’s This File? — active.php
I would like to share a recent case I recently addressed. A few days ago, I got the following notification from Wordfence:
What’s This File? — postnews.php
This week, I fixed two websites containing a suspicious file: postnews.php. This script was called from 45.195.56.92, and my team found two […]