<ul><li>A cybercrime attack targeting WordPress websites resulted in the theft of login credentials for approximately 390,000 accounts.</li><li>The attack involved a malicious package that was uploaded to the NPM package repository, disguised as an XML-RPC implementation, and later introduced malware via updates.</li><li>The malware was designed to steal sensitive data, such as SSH keys and bash history, and install cryptojackers on compromised endpoints.</li><li>Researchers discovered approximately 68 compromised systems actively mining the cryptocurrency Monero.</li></ul>

Huge cybercrime attack sees 390,000 WordPress websites hit, details stolen

Discover more