Fortra Intelligence and Research Experts (FIRE) have just published a report on a new phishing kit, RatPressto, targeting large corporations with the goal of credential theft and data exfiltration. It uses compromised WordPress sites, often with exposed /wp-admin access, to deliver near-identical phishing pages that mimic trusted workflows and silently deploy remote access tools via hidden iframes.
Key findings:
- Reusable, byte‑identical phishing infrastructure
- Heavy reliance on compromised WordPress environments
- Victim‑specific lures to boost credibility
- GitHub staging and shift to self-hosted ScreenConnect
- Silent payload delivery through hidden iframes
Insecure or exposed WordPress admin access is a critical risk factor, and organizations should audit and harden immediately as activity continues.
Full report can be found here: https://www.fortra.com/blog/ratpressto-phishing-kit
Related
This entry was posted on May 29, 2026 at 7:54 am and is filed under Commentary with tags Fotra. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
New FIRE Report: “RatPressto” phish kit scales quietly via WordPress
Fortra Intelligence and Research Experts (FIRE) have just published a report on a new phishing kit, RatPressto, targeting large corporations with the goal of credential theft and data exfiltration. It uses compromised WordPress sites, often with exposed /wp-admin access, to deliver near-identical phishing pages that mimic trusted workflows and silently deploy remote access tools via hidden iframes.
Key findings:
Insecure or exposed WordPress admin access is a critical risk factor, and organizations should audit and harden immediately as activity continues.
Full report can be found here: https://www.fortra.com/blog/ratpressto-phishing-kit
Share this:
Like this:
Related
This entry was posted on May 29, 2026 at 7:54 am and is filed under Commentary with tags Fotra. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.