BleepingComputer reports that WordPress sites are being infected by threat actors with a malicious script that facilitates distributed denial-of-service attacks against Ukrainian websites.
Hackers have inserted the script into a WordPress site to launch DDoS attacks aimed at 10 websites, including those of Ukrainian government agencies, financial sites, think tanks, International Legion of Defense of Ukraine recruitment sites, and other sites supporting Ukraine amid the Russian invasion, according to a MalwareHunterTeam report.
While only a few websites were found by BleepingComputer to have been infected with the script, developer Andrii Savchenko noted that the number of WordPress sites compromised to conduct such attacks has already reached hundreds.
"There's about hundred of them actually. All through the WP vulns. Unfortunately, many providers/owners doesn't react," Savchenko said in a tweet.
Nearly 0.5% of Slack users have been forced by the workplace productivity software provider to perform password resets following the discovery of a security vulnerability that resulted in credential exposure, SecurityWeek reports.