A malware campaign targeted 5,000 WordPress sites, enabling unauthorized admin users to download dangerous plugins. WordPress users are advised to check site security and remove suspicious plugins and unauthorized admins. C/side, the company reporting the campaign, recommends blocking the domain wp3[.]xyz, implementing multifactor authentication and taking measures to protect against Cross-Site Request Forgery (CSRF) attacks. Users are also advised to verify plugin sources are reputable.

The NHS needs to tighten its third-party supplier cybersecurity
The NHS should proactively fortify cybersecurity within its third-party software suppliers following recent damaging ransomware attacks, says Jonathan Lee from Trend Micro. He suggests implementing