all InfoSec news
PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin
Malware Analysis, News and Indicators - Latest topics malware.news
The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users. The Phishing email claims to be from the WordPress team and warns of a Remote Code Execution vulnerability on the user’s site with an identifier of CVE-2023-45124, which is not currently a valid CVE. The email prompts the victim to download a “Patch” plugin and install it.
The Download Plugin link redirects the victim to a convincing fake landing page at en-gb-wordpress[.]org:
If …
backdoor campaign claims code code execution cve email fake intelligence phishing phishing campaign phishing scam plugin psa remote code remote code execution scam targeting team threat threat intelligence valid vulnerability wordfence wordpress