Security News > 2025 > January > WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites

WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites

2025-01-14 20:54

A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. [...]

News URL

https://www.bleepingcomputer.com/news/security/wp3xyz-malware-attacks-add-rogue-admins-to-5-000-plus-wordpress-sites/

#attack #malware #wordpress

Related news

Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (source)
Thousands of WordPress Websites Infected with Malware (source)
Malware campaign 'DollyWay' breached 20,000 WordPress sites (source)
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
Open-source malware doubles, data exfiltration attacks dominate (source)
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		7	2	93	44	18	157

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.