<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Backdoor on HackingPassion.com : root@HackingPassion.com-[~]</title><link>https://hackingpassion.com/tags/backdoor/</link><description>Recent content in Backdoor on HackingPassion.com : root@HackingPassion.com-[~]</description><generator>Hugo</generator><language>en</language><lastBuildDate>Tue, 16 Jun 2026 11:39:30 +0200</lastBuildDate><atom:link href="https://hackingpassion.com/tags/backdoor/index.xml" rel="self" type="application/rss+xml"/><item><title>OptinMonster Supply Chain Attack Hits 1.2 Million WordPress Sites</title><link>https://hackingpassion.com/optinmonster-supply-chain-backdoor/</link><pubDate>Tue, 16 Jun 2026 11:39:30 +0200</pubDate><guid>https://hackingpassion.com/optinmonster-supply-chain-backdoor/</guid><description>&lt;p>1.2 million WordPress sites were caught in a supply chain attack last week, where the admin&amp;rsquo;s own login quietly created a secret account and planted a hidden backdoor.
It came in through plugins they trusted (OptinMonster, TrustPulse and PushEngage), and it fired only on sites where an administrator was logged in.&lt;/p>
&lt;p>Sansec found it on 13 June 2026. The poisoned script belonged to three popular WordPress plugins: OptinMonster, TrustPulse and PushEngage, all run by the same company, Awesome Motive. These plugins do the small marketing jobs many sites rely on, popups, social proof notifications and browser push messages. To do that, each one loads a little piece of JavaScript called an SDK from the vendor&amp;rsquo;s own content delivery network, the CDN. That SDK is the part the attacker tampered with.&lt;/p></description></item><item><title>PamDOORa Steals SSH Credentials on Linux by Hiding Inside PAM Where No Antivirus Looks</title><link>https://hackingpassion.com/pamdoora-linux-ssh-backdoor/</link><pubDate>Sun, 10 May 2026 12:12:16 +0200</pubDate><guid>https://hackingpassion.com/pamdoora-linux-ssh-backdoor/</guid><description>&lt;p>A backdoor called &lt;strong>PamDOORa&lt;/strong> targets Linux systems through PAM and steals SSH credentials from every user who logs in. It leaves no trace in process lists, antivirus, or logs. When the security team connects via SSH to investigate, their credentials get stolen too.&lt;/p>
&lt;p>When someone logs into a Linux server, the system runs &lt;strong>PAM&lt;/strong> to check the password. PAM stands for &lt;strong>Pluggable Authentication Modules&lt;/strong>, and it handles authentication for everything that requires a login: SSH, sudo, the login prompt. Instead of building that check into each program separately, Linux sends everything through PAM using configuration files stored in &lt;code>/etc/pam.d/&lt;/code>, one file per service. The file for SSH is &lt;code>/etc/pam.d/sshd&lt;/code>. It tells PAM which modules to run, in what order, and what to do when one fails.&lt;/p></description></item></channel></rss>