rfxn

Research · March 27, 2026

WordPress Supply Chain Attacks: BuddyBoss, Gravity Forms, and the Trust Problem

Three premium plugin supply chains compromised in 12 months. Attackers are targeting vendor update infrastructure, and we publish 10 new LMD signatures to catch current and future backdoors.

Threat Advisory
3 vendor update channels compromised
10 new LMD detection signatures
Generic rules for future supply chain backdoors
IOCs and remediation playbook
Tags: maldet, malware, wordpress, supply-chain
Active Servers (30d): 365.7k
Requests (30d): 36.35M
GitHub: 2,104

Deployed across government, defense, education & enterprise networks

gov: NIST, NOAA, NIH, UNAM
defense: NATO CCDCOE
edu: Stanford University, Harvard University, National Taiwan University, City University of New York
research: DFN, RENATER, JANET, SURFnet, RedIRIS, GARR, UNINETT, SWITCH
enterprise: Amazon Web Services, Microsoft, Google, Deutsche Telekom, Vodafone, Telefonica, Orange, Cogent, IONOS
hosting: Liquid Web, Vultr, DigitalOcean, Hetzner, OVH, Nexcess, Contabo, Leaseweb, Bluehost

Quick Start

Get up and running in minutes. All tools install from source with a single command.

LMD: Linux Malware Detect
$ git clone https://github.com/rfxn/linux-malware-detect.git && cd linux-malware-detect && ./install.sh

APF: Advanced Policy Firewall
$ git clone https://github.com/rfxn/advanced-policy-firewall.git && cd advanced-policy-firewall && ./install.sh

BFD: Brute Force Detection
$ git clone https://github.com/rfxn/brute-force-detection.git && cd brute-force-detection && ./install.sh

Built for Real-World Linux Security

Threat-Driven Design

Built from real malware data collected at the network edge. Every detection signature comes from active threats seen in production hosting environments, not theoretical research.

Shell-Native & Lightweight

Pure bash with minimal dependencies. No agents, no daemons eating resources, no runtime interpreters. Runs on any Linux system from embedded devices to enterprise servers.

Community-Sustained

20+ years of open source development under GPL v2. No venture funding, no enterprise upsells. Sustained by the community of sysadmins who rely on these tools daily.

Protection Stack

Three tools, one defense-in-depth strategy. Layer them together for comprehensive Linux security.

Layer 1: Malware Detection (LMD)

Scan & quarantine threats from real hosting threat data

Layer 2: Firewall Policy (APF)

Stateful iptables filtering with reactive address blocking

Layer 3: Intrusion Prevention (BFD)

Block brute-force auth attacks with modular log parsing

Support Open Source Security

R-fx Networks projects are entirely community-funded. If these tools help protect your infrastructure, consider contributing.