Over 5,000 WordPress sites infected by WP3.XYZ malware. Malware creates unauthorized admin accounts, downloads malicious plugins, and sends sensitive data to attackers. Check sites for unauthorized accounts and plugins. Block domain WP3.XYZ, audit admin accounts, and enable MFA for protection.
https://cside.dev/blog/over-5k-wordpress-sites-caught-in-wp3xyz-malware-attack
New PhishWP plugin enables creation of fake payment pages, allowing cybercriminals to steal sensitive data. It mimics trusted services like Stripe, collecting credit card info and OTPs, sending this data to attackers via Telegram. PhishWP can compromise existing WordPress sites or create fraudulent ones, making scams difficult to detect. It features customizable checkouts, data collection capabilities, and real-time data transmission, posing a significant security threat. Experts recommend using advanced phishing protection tools to combat such scams.
