Over 5,000 WordPress sites have been hacked globally, with malware from the wp3[.]xyz domain enabling creation of fake admin accounts and stealing sensitive information, according to BleepingComputer and webscript security firm c/side. It is suggested that website admins employ firewalls and other countermeasures, scrutinize privileged accounts, employ multi-factor authentication, and bolster cross-site request forgery defenses.

The NCSC wants developers to get serious on software security
The NCSC’s new Software Security Code of Practice has been praised by cyber professionals as a significant advancement in enhancing software supply chain security.