CyberNews Briefs

Mailgun hacked part of massive attack on WordPress sites

Threat actors on Wednesday launched a massive hacking campaign targeting WordPress websites that use the Yuzo Related Posts plugin, a recently discontinued plugin that is vulnerable to a cross-site scripting (XSS) attack. The flaw allows attackers to inject malicious code into legitimate websites, causing visitors to be redirected to malicious websites.

The discontinued plugin has been installed on more than 60,000 websites. Although the flaw was originally discovered by a security researcher and not by a hacker, the researcher did not notify the plugin’s author and instead published proof-of-concept code for the attack online. One of the many victims of the attack was Mailgun, an automated service for sending, receiving, and tracking emails.


OODA Analyst
