Spoofed 404s
Should you trust the HTTP response code when analyzing access logs for suspicious traffic?
MAGECART GROUP 12: toolser.pw skimmer
This PHP code injection is used to selectively inject the JavaScript skimmer that is loaded from
toolser.pw
(recently had been using pathc.space
).
wss://hotjar[.]info skimmer
A twist on the old ‘analytics code’ camouflage used by some skimmers to evade detection.
Darknet Myth? Murder-for-hire
Believe it or not - some people actually think hitmen advertise their services on the darknet…and the media plays into it.
WordPress Injection Exfiltrates Admin Login
wp-login.php injection silently exfiltrates a victim’s username and password back to the attacker’s server.