

As hundreds of billions of dollars in online business rely on APIs to efficiently function, APIs continue to be a major target for malicious hackers looking to exploit weaknesses in these connection points. When keys and tokens are leaked, they end up on the dark web and are then used in automated attacks against API endpoints. Our research found that on many websites and applications, more than 75% of login requests from API endpoints are malicious. API attacks continue to grow because they
The Responsive Menu WordPress plugin is just one of many third-party plugins that are a lucrative target for hackers determined to compromise e-commerce sites. They do this using XSS vulnerabilities to gain privileged access to a website and plant malicious Shadow Code that can steal user data, spread malware, or hijack users to nefarious sites. Such techniques have been used to take over and launch Magecart attacks against thousands of e-commerce sites, resulting in the theft of millions of
Shadow Code introduced via third-party themes and plugins substantially expands the attack surface for websites. Website owners must stay on top of security updates, which will protect them from the inherent risks that come with third-party plugins. Digital businesses also need to be able to recognize targeted, large-scale brute force ATO attacks in real time, to stop credential stuffing as it happens and protect their customers' personal information.

With more than 30 percent of the web currently powered by WordPress, it remains an attractive target for attackers. These two vulnerabilities in the Orbit Fox plugin, a cross-site scripting flaw and a privilege-escalation bug with a CVSS bug-severity score of 9.9, together could allow attackers to inject malicious JavaScript code into exposed websites with the goal of taking control of them. Attackers can then plant malware, steal data and hijack users to nefarious sites.





