Hackers took over 8.7 million WordPress sites in two days, targeting critical vulnerabilities in popular plugins.
As seen on a Russian-language hacking forum, this news report: A major vulnerability exploitation campaign has hit WordPress sites: attackers are targeting resources running the GutenKit and Hunk Companion plugins, which are vulnerable to critical vulnerabilities that allow arbitrary code execution on the server. Wordfence , a WordPress security company, recorded 8.7 million attack attempts in just two days—October […]

 
  
  
  
      
      
     
Self-Replicating Worm Hits 180+ Software Packages
KrebsOnSecurity.com reports: At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed. […]