According to the article, at least 6,000 sites could be compromised where fake plugins and other softare could be installed by the actor.
Many figures show the path, including automated login using the creds that have been stolen. How, we don’t know, but we do know that they aren’t visiting the log in page at the site directly.
One of the things I did when I created the blog is make sure I didn’t use the username admin.
I should in theory use a stronger password today, but I’ve not gotten there. I’m not saying my password is weak, but it could probably be better.
Over 6,000 WordPress hacked to install plugins pushing infostealers is your article.
It talks about the fact it uses legitimate software to tell you they need updating among other things.
Read this to learn more. Thanks so much for reading!