In January, my colleague reported about a new Balada Injector campaign found exploiting a recent vulnerability in the widely-used Popup Builder WordPress plugin which was initially disclosed back in November, 2023 by Marc Montpas. In the past three weeks, we’ve started seeing an uptick in attacks from a new malware campaign targeting this same Popup […]
A new wave of Balada malware injection attacks has been found exploiting a vulnerable tagDiv premium theme plugin to target Newspaper and Newsmag websites. The flaw in the question is an unauthenticated XSS vulnerability in the plugin that was first disclosed in September. The plugin is used by over 135,000 users, which emphasizes the risk […]