Malware concealed in a WordPress caching plugin can create administrative accounts on websites, allowing threat actors to take over infected sites. Researchers from Wordfence found the malicious plugin, which can run either as a standalone script or as a plugin and offers remote plugin activation and content filtering capabilities. To stay protected, WordPress users should follow security best practices and employ security monitoring for their sites.



