Hacked WordPress sites use visitors' browsers to hack other sites

Submitted ⁨⁨11⁩ ⁨months⁩ ago⁩ by ⁨Squire1039@lemm.ee⁩ to ⁨technology@lemmy.world⁩

https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-use-visitors-browsers-to-hack-other-sites/

Summary

Hackers are compromising WordPress sites to inject malicious scripts. These scripts can either steal cryptocurrency from visitors’ wallets or hijack their browsers to launch brute-force attacks against other websites. The hackers are likely building a larger pool of compromised sites to launch more extensive attacks in the future.

source

Comments

Sort:hotnew top

Kissaki@feddit.de ⁨11⁩ ⁨months⁩ ago

will cause the visitor’s browser to quietly upload a file using the WordPress site’s XMLRPC interface

It’s absurd that XMLRPC is still not disabled by default.

source