Security News > 2024 > December > 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
2024-12-13 20:00
A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to "mysterious unattributed threat") by Datadog Security Labs, that
News URL
https://thehackernews.com/2024/12/390000-wordpress-credentials-stolen-via.html
Related news
- Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images (source)
- Hackers exploit WordPress plugin auth bypass hours after disclosure (source)
- Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials (source)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
- PoC exploit for SysAid pre-auth RCE released, upgrade quickly! (source)
- OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws (source)
- Hackers exploit OttoKit WordPress plugin flaw to add admin accounts (source)