Attacks on WordPress sites using a vulnerability in the REST API, patched in WordPress version 4.7.2, have intensified over the past two days, as attackers have now defaced over 1.5 million pages, spread across 39,000 unique domains.

A massive distributed brute force attack campaign targeting WordPress sites started this morning at 3am Universal Time, 7pm Pacific Time. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a... (more…)

mask.of.sanity quotes a report from The Register: Up to a quarter of all websites on the internet could have been breached through a since-patched vulnerability that allowed WordPress' core update server to be compromised. The since-shuttered remote code ...

Analysis of attacks we are seeing in the wild against the WordPress core REST API vulnerability which was patched a week ago in version 4.7.2.

WordPress is a good fit for the backend of native mobile apps, especially if you'd like to deliver a native experience by converting it into a native app. (more…)