During a recent incident response engagement, our team uncovered a multi-stage WordPress infection that goes beyond the usual file-based malware. The attacker combined a fake plugin, a remote command-and-control server, and two PHP web shells stored directly inside the WordPress database. The campaign is operated by a Turkish-speaking…
WordPress PBN Plugin Drops Dual Webshells via Database Injection
Full Disclosure: This webpage may contain affiliate links, in which the website owner would receive a commission for purchases made. This does not affect your purchase cost.
