Over 5,000 WordPress websites are hosting a malicious script that creates an unauthorized admin account and downloads a harmful plugin, which steals sensitive data and exfiltrates it to a remote server, according to security researcher Himanshu Anand. To combat these attacks, he recommends blocking certain domains, auditing admin accounts, removing suspicious plugins, implementing multi-factor authentication, and strengthening CSRF protections.

Hackers are selling counterfeit phones with crypto-stealing malware
Kaspersky has identified thousands of low-cost Android smartphones sold online that come with preinstalled malware programmed to steal cryptocurrency details. The devices are infected with