Over 5,000 WordPress websites are hosting a malicious script that creates an unauthorized admin account and downloads a harmful plugin, which steals sensitive data and exfiltrates it to a remote server, according to security researcher Himanshu Anand. To combat these attacks, he recommends blocking certain domains, auditing admin accounts, removing suspicious plugins, implementing multi-factor authentication, and strengthening CSRF protections.
Startup necromancy: Dead Google Apps domains can be compromised by new owners
Many businesses are not properly closing their Google accounts when they fail or are sold, posing significant risks, as the accounts often still give access
