A malware campaign targeted 5,000 WordPress sites, enabling unauthorized admin users to download dangerous plugins. WordPress users are advised to check site security and remove suspicious plugins and unauthorized admins. C/side, the company reporting the campaign, recommends blocking the domain wp3[.]xyz, implementing multifactor authentication and taking measures to protect against Cross-Site Request Forgery (CSRF) attacks. Users are also advised to verify plugin sources are reputable.
FBI deletes Chinese malware from more than 4,200 computers
US law enforcement, with court authorization, reportedly deleted the China-originated PlugX malware from 4,258 US computers as part of a broader international operation against a
