WordPress Websites Are Being Hacked to Hijack Your Browser and Then Attack Other Sites
WordPress Websites Are Being Hacked to Hijack Your Browser and Then Attack Other Sites
Experts have warned that cybercriminals are using compromised WordPress websites to form a huge army of credential stuffing attacks.
A report from cybersecurity researchers Sucuri detected the campaign and they believe they know what its goal is: to search for vulnerable sites from the website builder, where they can install a small script in the HTML templates. That script forces the website visitor's computer to visit a different WordPress website (in the background, without the victim knowing) and try to log in using different username and password combinations.