Over 5,000 WordPress sites infected by WP3.XYZ malware. Malware creates unauthorized admin accounts, downloads malicious plugins, and sends sensitive data to attackers. Check sites for unauthorized accounts and plugins. Block domain WP3.XYZ, audit admin accounts, and enable MFA for protection.
https://cside.dev/blog/over-5k-wordpress-sites-caught-in-wp3xyz-malware-attack