Hackers are breaching WordPress sites to install malicious plugins that display fake software update prompts and error messages, which in turn push information-stealing malware. Since 2023, the ClearFake campaign and, from 2024, the subsequent ClickFix campaign have been the primary vehicles for these attacks. Recently, GoDaddy reported that over 6,000 WordPress sites have been breached to run these fake alert campaigns. The culprits gain access through stolen admin login credentials. To counter these threats, plugin audits and password resets are advised.
