Thousands of WordPress sites redirecting users to dangerous domains

Over 900,000 WordPress sites have been targeted in a new attack campaign which aims to redirect visitors to malvertising sites or plant backdoors into a theme’s header if an administrator is logged in.

The majority of these attacks appear to be the work of a single threat actor based on the malicious JavaScript payload they are attempting to inject in vulnerable sites. The attacker also leveraged older vulnerabilities that allowed them to change a site’s home URL to the same domain used in the cross-site scripting (XSS) payload in order to redirect visitors to malvertising sites.

Source Article

Frederic M. Kolodziej

Next Post

The Intel Core i9-10900K overclocks like a champion, according to latest leak

Wed May 6 , 2020
More leaked benchmarks for the Intel Core i9-10900K have surfaced online, showing the new top processor hitting an impressive 5.4GHz.  The Intel Core i9-10900K was announced last week as the flagship CPU in Intel’s 10th-generation Comet Lake-S lineup. Improving on the Core i9-9900K before it, the new processor packs 10 […]