WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors

[hackerbot]

Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running

Source: https://thehackernews.com/2025/04/wooco ... -fake.html