<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Web-Skimming on CuraSec</title><link>https://curasec.metacog.co.kr/tags/web-skimming/</link><description>Recent content in Web-Skimming on CuraSec</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sat, 11 Jul 2026 11:49:48 +0000</lastBuildDate><atom:link href="https://curasec.metacog.co.kr/tags/web-skimming/index.xml" rel="self" type="application/rss+xml"/><item><title>Exposed Server Reveals WP-SHELLSTORM Mass WordPress Backdoor Campaign</title><link>https://curasec.metacog.co.kr/insights/2026-07-11-exposed-hacker-server-reveals-wp-shellstorm-backdooring-thou/</link><pubDate>Sat, 11 Jul 2026 11:49:48 +0000</pubDate><guid>https://curasec.metacog.co.kr/insights/2026-07-11-exposed-hacker-server-reveals-wp-shellstorm-backdooring-thou/</guid><description>&lt;ul>
&lt;li>&lt;strong>Engineer — Act:&lt;/strong> If you host WordPress sites, audit them now for backdoors and unknown admin accounts; review your web server logs for indicators matching this campaign&amp;rsquo;s mass-exploitation pattern.&lt;/li>
&lt;li>&lt;strong>SOC/IR — Act:&lt;/strong> Review logs for WordPress admin-panel anomalies and unexpected file writes since the campaign has been active; hunt for web shells or unusual PHP execution tied to mass-compromise tooling.&lt;/li>
&lt;li>&lt;strong>Leader — Learn:&lt;/strong> Provides useful context on the scale of opportunistic WordPress compromise operations, but no immediate board-level action is required without confirmed organizational exposure.&lt;/li>
&lt;/ul></description></item></channel></rss>