WordPress Hacking Campaign Leads To Attackers Getting Passwords For Other Websites
Hackers are launching large-scale attacks on WordPress sites, injecting scripts to force visitors' browsers to brute-force passwords on other platforms. Sucuri, a cybersecurity firm, identified the campaign and linked it to a threat actor known for inserting crypto wallet-drainer scripts into breached sites. These malicious scripts, termed crypto wallet drainers, steal all assets from connected wallets, misleading users into connecting their wallets before siphoning off their assets. Recently, hackers shifted tactics, using a new malicious script to hijack visitors' browsers for brute-forcing WordPress sites. Read more...