Over 5,000 WordPress websites are hosting a malicious script that creates an unauthorized admin account and downloads a harmful plugin, which steals sensitive data and exfiltrates it to a remote server, according to security researcher Himanshu Anand. To combat these attacks, he recommends blocking certain domains, auditing admin accounts, removing suspicious plugins, implementing multi-factor authentication, and strengthening CSRF protections.

The NHS needs to tighten its third-party supplier cybersecurity
The NHS should proactively fortify cybersecurity within its third-party software suppliers following recent damaging ransomware attacks, says Jonathan Lee from Trend Micro. He suggests implementing