In January, Sucuri researchers discovered the Balada Injector malware affecting over 7,100 WordPress sites via a Popup Builder plugin vulnerability. This campaign, starting December 13, exploited the flaw (CVE-2023-6000, CVSS 8.8) in earlier Popup Builder versions. Recently, over 3,300 websites fell victim to this issue, with Sucuri’s SiteCheck finding Balada Injector on 1,170 sites.
You Might Be Interested In
- CISA Publishes Draft Regulation for Reporting Cyber Incidents
- CISA Catalog Included Palo Alto Networks PAN-OS Vulnerability
- Microsoft Disabled App Installer After Threat Actors Misused It
- [CVSS 9+] Oracle Oct 2023 Patch Addresses Numerous Vulnerabilities
- Cloudflare Report Highlights Increased DDoS Attacks in Q1
- Reddit Breach by BlackCat