Hackers breach Picreel, CloudCMS, affecting over 4,600 websites

In News

Hackers have breached two services and infected over 4,600 websites with malware by modifying their JavaScript code, according to cybersecurity researchers.

In a series of tweets, a researcher said that Picreel, an analytics service that enables website owners to see what users are doing and how they interact with a website, was hacked last week.

“Their 1200+ customer sites are now leaking data to an exfil server in Panama,” he said.

Later on, the same researcher said in another tweet, that CloudCMS.com had also been hacked, affecting some 3,400 websites. Its content delivery network (CDN) had been breached, allowing hackers to modify one of its Alpaca Forms scripts. Alpaca Forms is an open source project that lets website owners create web forms.

It is not known how hackers breached either service.

Reports say that CloudCMS has taken down the affected CDN serving up the compromised Alpaca Form script and that the incident is under investigation. Reports also say that both Picreel and CloudCMS have removed the malicious code from their services.

This is the latest in a series of efforts by hackers to compromise web sites through their use of open source components. In fact, in the 2019 OSSRA report it was observed that open source components were in use in 96 percent of the audited applications, and that’s because application development teams focus on their unique code and leave the plumbing and foundation to shared components from the open source community. Malicious actors then take advantage of this dynamic to affect components.



You may also read!

du acknowledged as the Best MSSP in the Middle East

du, from Emirates Integrated Telecommunications Company (EITC), presented the Managed Security Service Provider, “Visionary of the Year” Award by


Forcepoint recognizes its partners in the region

Leading cybersecurity firm, Forcepoint recognized its key channel partner during its partner event held recently in Dubai, which was


Tenable research discovers download hijack vulnerability in Slack

Tenable Inc, the Cyber Exposure company, announced that its research team has discovered a vulnerability in the Slack Desktop


Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu