A threat actor that attempted to insert a backdoor into nearly a million WordPress-based sites in early May (and continued to try throughout the month), tried to grab WordPress configuration files of 1.3 million sites at the end on the same month. In both cases, the threat actor tried to exploit old vulnerabilities in outdated WordPress plugins and themes. The latest attacks “The previously reported XSS campaigns sent attacks from over 20,000 different IP addresses. … Continue reading Attackers tried to grab WordPress configuration files from over a million sites