#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

Joomla hacked | Breaking Cybersecurity News | The Hacker News

Category — Joomla hacked
CryptoPHP Backdoor Hijacks Servers with Malicious Plugins & Themes

CryptoPHP Backdoor Hijacks Servers with Malicious Plugins & Themes

Nov 24, 2014
Security researchers have discovered thousands of backdoored plugins and themes for the popular content management systems (CMS) that could be used by attackers to compromise web servers on a large scale. The Netherlands-based security firm Fox-IT has published a whitepaper revealing a new Backdoor named "CryptoPHP . " Security researchers have uncovered malicious plugins and themes for WordPress, Joomla and Drupal . However, there is a slight relief for Drupal users, as only themes are found to be infected from CryptoPHP backdoor. In order to victimize site administrators, miscreants makes use of a simple social engineering trick. They often lured site admins to download pirated versions of commercial CMS plugins and themes for free. Once downloaded, the malicious theme or plugin included backdoor installed on the admins' server. "By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is...
New Botnet Campaign 'Fort Disco' Brute-Forcing Thousands of WordPress, Joomla Websites

New Botnet Campaign 'Fort Disco' Brute-Forcing Thousands of WordPress, Joomla Websites

Aug 09, 2013
Password theft has been a growing problem within the security community. Researchers at Arbor Networks have uncovered a botnet called Fort Disco that was used to compromise more than 6000 websites based on popular CMSs such as WordPress , Joomla and Datalife Engine. The Fort Disco botnet is currently made up of nearly 25,000 Windows machines and receives a list of sites to attack from a central command and control server. The bots receive also a list of common username-password combinations, typically composed of default combinations with password options including admin or 123456. Arbor Networks security researcher Matthew Bing said the attack has several advanced features that make it next to impossible to fully track and they obtained precious info on the botnet exploiting a misconfiguration on the attackers' side that made possible the analysis of logs on several of the six command and control servers discovered. " We stumbled upon these detailed logs the attack...
Child Porn on Indian Government websites

Child Porn on Indian Government websites

Dec 20, 2012
One of the ' The Hacker News ' reader inform us today about porn content on some Indian Government websites. After analyzing such websites, we came across more than 30 sub domains belongs to ' entegramam.gov.in ' . Where ' entegramam' means "My village" and all sub domains of this website are names of the different cities of Kerala state. The websites are in Malayalam language and most of the sites are powered by Joomla and Drupal (older vulnerable versions) with discussion forums on them. On our further analyze we found that time stamp of the Porn articles posted on forum dated back to " 2012/08/30 16:00 ".  That means, Government websites hosting Child Porn content from last four months and authorities or  the moderators of the website are not aware about the issue. On a simple Google search, one can found all such pages : site:gov.in "nude"  for further reports and analyzing. Google also giving notification...
cyber security

SaaS Security Made Simple

websiteAppomniSaaS Security / SSPM
Simplify SaaS security with a vendor checklist, RFP, and expert guidance.
Business Case for Agentic AI SOC Analysts

Business Case for Agentic AI SOC Analysts

Jun 27, 2025Artificial Intelligence / Security Operations
Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today's security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At the same time, SOC inefficiencies are draining resources. Studies show that up to half of all alerts are false positives, with some reports citing false positive rates as high as 99 percent . This means highly trained analysts spend a disproportionate amount of time chasing down harmless activity, wasting effort, increasing fatigue, and raising the chance of missing real threats. In this environment, the business imperative is clear: maximize the impact of every analyst and every dollar by making security operations faster, smarter, and more focused. Enter the Agentic AI SOC Analyst The agentic AI SOC Analyst is a force multiplier that enables organizations to do more with the team an...
Expert Insights Articles Videos
Cybersecurity Resources