Security News > 2024 > December > 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

2024-12-13 20:00
A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to "mysterious unattributed threat") by Datadog Security Labs, that
News URL
https://thehackernews.com/2024/12/390000-wordpress-credentials-stolen-via.html
Related news
- Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images (source)
- Hackers exploit WordPress plugin auth bypass hours after disclosure (source)
- Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials (source)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)