Over 5,000 WordPress sites have been hacked globally, with malware from the wp3[.]xyz domain enabling creation of fake admin accounts and stealing sensitive information, according to BleepingComputer and webscript security firm c/side. It is suggested that website admins employ firewalls and other countermeasures, scrutinize privileged accounts, employ multi-factor authentication, and bolster cross-site request forgery defenses.

Hackers are selling counterfeit phones with crypto-stealing malware
Kaspersky has identified thousands of low-cost Android smartphones sold online that come with preinstalled malware programmed to steal cryptocurrency details. The devices are infected with