Researcher warns of a MacOS vulnerability that Apple refuses to correct

Researcher warns of a MacOS vulnerability that Apple refuses to correct

According to an Italian security researcher named Filippo Cavallarin, macOS Mojave 10.14.5 and younger are vulnerable to a ...
Read More

The Pentagon: Educates the cyber-squire for a world war on a deserted island!

The Pentagon: Few have access to Plum Island in which a secret branch of the US government is located and performs exercises ...
Read More
infosec tweaks

New generation malware and ways of protection: What you need to know

Every day we hear about new attacks by hackers on companies, organizations, and even individuals. The worrying is that the scammers ...
Read More

Google Play Protect protects your device from malware. Turn it on!

Due to the recent vulnerability of WhatsApp that enabled hackers to remotely install spyware on both ...
Read More

Hackers stole sensitive NederWoon customer information

A home rental company, NederWoon, has been hit by hackers. Hackers managed to get into the company's systems ...
Read More
Latest Posts

New attack by hackers puts 4.600 websites at risk

hackersA new attack from hackers may have compromised thousands of websites. As it has been known, some hackers attacked two services designed for websites. These services are Alpaca Forms and Picreel. Their violation may result in infect 4.600 websites with malicious code.

With malicious code, hackers have the ability to acquire all of them data which are imported into the forms. We do not know exactly how hackers managed to break the services, but there is a suspicion violated the Cloud CMS CDN and modified one of the service scripts. Cloud CMS has developed the open source Alpaca Forms service about 8 years ago.

The attacks were discovered by researcher Willem de Groot. According to information, when Cloud CMS was informed of the violation, it turned off the CDN that served the malicious script.

A few words about broken services

The Alpaca Forms open source service helps create HTML5 forms for mobile applications and the internet. The service offers many features and makes it easy for users to create a form using JSON Schema and Handlebars.

Cloud CMS CTO, Michael Uzquiano, said only one Alpaca Forms JavaScript file has been compromised in CDN.

As we said above, the malicious code records the information entered into the forms. Usually it is codes, financial data, payments, and more. He then sends this information to a server located in Panama and controlled by hackers.

The Picreel service monitors the movements of visitors sites (real-time mouse movements). In this way, site owners know user preferences and display targeted ads. It is assumed that there are sites embedded JavaScript code, which allows the service to do its job. This code has hackers violated and has added malware.

Malicious code in Picreel script has been found in 1.249 websites, while the code in the Alpaca Forms has been found in 3.435 domains.

Cloud CMS, after disabling the CDN with the malicious script, began research. According to her, there is no problem with Cloud CMS, customers or products.

However, it seems that behind both attacks are the same hackers.

Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (, as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *