Fortra Intelligence and Research Experts (FIRE) have just published a report on a new phishing kit, RatPressto, targeting large corporations with the goal of credential theft and data exfiltration. It uses compromised WordPress sites, often with exposed /wp-admin access, to deliver near-identical phishing pages that mimic trusted workflows and silently deploy remote access tools via hidden iframes.
Key findings:
- Reusable, byte‑identical phishing infrastructure
- Heavy reliance on compromised WordPress environments
- Victim‑specific lures to boost credibility
- GitHub staging and shift to self-hosted ScreenConnect
- Silent payload delivery through hidden iframes
Insecure or exposed WordPress admin access is a critical risk factor, and organizations should audit and harden immediately as activity continues.
Full report can be found here: https://www.fortra.com/blog/ratpressto-phishing-kit
New FIRE Report: “RatPressto” phish kit scales quietly via WordPress
Posted in Commentary with tags Fotra on May 29, 2026 by itnerdFortra Intelligence and Research Experts (FIRE) have just published a report on a new phishing kit, RatPressto, targeting large corporations with the goal of credential theft and data exfiltration. It uses compromised WordPress sites, often with exposed /wp-admin access, to deliver near-identical phishing pages that mimic trusted workflows and silently deploy remote access tools via hidden iframes.
Key findings:
Insecure or exposed WordPress admin access is a critical risk factor, and organizations should audit and harden immediately as activity continues.
Full report can be found here: https://www.fortra.com/blog/ratpressto-phishing-kit
Leave a comment »