Three ShapedPlugin Pro plugins served malware via official updates for three weeks. Updating the plugin is not enough — here is what site owners need to do.
Rebecca Sutton
Rebecca Sutton
Rebecca is a dedicated cybersecurity writer who specialises in transforming complex technical concepts into clear, accessible content. With a strong background in IT and a passion for digital security, she produces insightful articles, guides, and thought-pieces that bridge the gap between technical experts and wider audiences.
-
-
Cyber Essentials does not require a penetration test, and CE+ uses vulnerability scanning rather than adversarial testing. A side-by-side guide to what each certification covers, what it misses, and when …
-
The Squidbleed vulnerability in Squid Proxy leaks HTTP credentials from heap memory in every default installation. Here is how to check whether you are affected and what to do while …
-
The Gravity SMTP vulnerability (CVE-2026-4020) is being exploited at mass scale. But the real issue is structural: email plugins holding API keys create a risk that one permission bug can …
-
A vulnerability assessment scans your IT systems for known security weaknesses, rates each one by severity, and produces a prioritised fix list. This guide explains how the process works, what …
-
The Gentlemen ransomware gang ships an EDR killer framework to every affiliate, targeting 48 security products before encryption begins. Here are three practical checks every IT team should make this …
-
The FortiBleed Fortinet VPN breach compromised 74,000 firewalls, many running current firmware. The real failures were exposed management interfaces, legacy password hashing, and no MFA. Here is the harder lesson.
-
Vulnerability scanning and penetration testing both assess your security, but they answer different questions. Here is what each does, when to use it, and what UK businesses get wrong about …
-
UK penetration test pricing ranges from £800 to £50,000+, but the cheapest options often deliver automated scan reports rather than real testing. This guide explains how to identify quality and …
-
Three-quarters of UK critical infrastructure incidents last year were state-sponsored. Here is what the NCSC recommends and why most businesses are in the threat picture.