For years, Patchstack has pushed the boundaries of virtual patching. Over the past two years we have relentlessly innovated to deliver the fastest, most accurate vulnerability-mitigation solution for...

Sometimes, when things aren't working out, a change is necessary. This happened already once in 2021, and today, another pivot is needed.

Let’s take a closer look at how the security responsibility should be communicated to the website owners, so they would understand why it’s important for them to invest into security.

The most powerful thing you can do to protect your website—and your business—is to change the way you think about security.

When you receive a security report, what should be the first steps, how should you react, and how quickly should you address the issue?

Update 7-12-2025 06:00 UTC: We have observed some activity in regard to one of the backdoors that involves a gf_api_token parameter. The IP address 193.160.101.6 tries to request, for every site, the...

Here are my thoughts, ideas, and insights—from personal reflections to deep dives into web security. Whether you're just curious or eager to learn, you’re in the right place. Getting Started with...

TL;DR - Our investigation of a single color picker exposed a coordinated campaign of 18 malicious extensions that infected millions

As the leading threat intelligence provider in the WordPress ecosystem, Patchstack has more experience with validating reports and coordinating vulnerability disclosures than anyone else. Because of...

FAIR Package Manager Project has 9 repositories available. Follow their code on GitHub.

🚨 A critical unpatched vulnerability in the PayU CommercePro plugin plugin allows unauthenticated users to takeover any account and become administrators. Over 5k sites affected. As usual, Patchst...