Spyke
technology·TechnologybySquire1039

Hacked WordPress sites use visitors' browsers to hack other sites

Summary

Hackers are compromising WordPress sites to inject malicious scripts. These scripts can either steal cryptocurrency from visitors' wallets or hijack their browsers to launch brute-force attacks against other websites. The hackers are likely building a larger pool of compromised sites to launch more extensive attacks in the future.

Hacked WordPress sites use visitors' browsers to hack other siteshttps://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-use-visitors-browsers-to-hack-other-sites/Open linkView original on lemm.ee
92
Comments1
Kissaki
feddit.de

will cause the visitor's browser to quietly upload a file using the WordPress site's XMLRPC interface

It's absurd that XMLRPC is still not disabled by default.

It's been an unnecessary weak point in the attack surface for many years.

20

You reached the end

Hacked WordPress sites use visitors' browsers to hack other sites | Spyke