VulnHub

Real-time Cybersecurity News

Compromised WordPress Sites Deliver ClickFix Attacks in Global Infostealer Campaign

Infosecurity Magazine
Actively Exploited
MalwareCritical

Overview

Researchers from Rapid7 have revealed that over 250 legitimate websites have been compromised to deliver malicious infostealer software to unsuspecting visitors. Among the affected sites are notable news outlets and the official webpage of a US Senate candidate. This widespread attack exploits vulnerabilities in WordPress, allowing attackers to infect users with malware designed to steal sensitive information. The incident raises serious concerns about the security of widely used web platforms and the potential risks posed to visitors. Users visiting these compromised sites may unknowingly expose their personal data, making it critical for both website administrators and visitors to be vigilant about online security.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: WordPress websites
  • Action Required: Website administrators should update WordPress and plugins to the latest versions, regularly scan for vulnerabilities, and employ security plugins to protect against malware.
  • Timeline: Newly disclosed

Original Article Summary

Over 250 legitimate websites, including news outlets and a US Senate candidate’s official webpage, been compromised to infect visitors with infostealers, warn Rapid7 researchers

Impact

WordPress websites

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Website administrators should update WordPress and plugins to the latest versions, regularly scan for vulnerabilities, and employ security plugins to protect against malware.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware, Critical.

Read Original Article

Related Coverage

This security flaw could affect 1 in 4 Android phones - how to check yours

Latest news

A significant hardware vulnerability has been identified that affects approximately 25% of Android phones, particularly those in the budget category. This flaw allows attackers to potentially steal sensitive information, including cryptocurrency wallet seed phrases, in under a minute. Users of affected devices should be concerned as this could lead to serious financial losses and privacy breaches. The issue emphasizes the need for manufacturers to improve security measures in their devices and for users to be vigilant about their phone's security. It's crucial for owners of budget Android phones to check if their devices are impacted and take necessary precautions.

Mar 11, 2026

CISA orders feds to patch n8n RCE flaw exploited in attacks

BleepingComputer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has directed federal agencies to address a critical vulnerability in n8n, an open-source workflow automation tool, that is currently being exploited by attackers. This vulnerability allows remote code execution, meaning that an unauthorized user can potentially take control of affected systems. Government agencies must prioritize patching their systems to prevent further exploitation and protect sensitive data. The urgency of this directive reflects the growing concerns about the security of automation tools in government operations. Agencies are advised to act swiftly to ensure their systems are secure against this active threat.

Mar 11, 2026

Researchers uncover AI-powered vishing platform

Help Net Security

Researchers at Mirage Security have identified a new vishing-as-a-service platform that utilizes AI voice technology from ElevenLabs to facilitate 'press 1' scams. In these scams, fraudsters spoof phone numbers belonging to trusted organizations, like banks, and then call potential victims. They play pre-recorded messages designed to instill fear, urging victims to share sensitive personal information. This type of scam can lead to identity theft and financial loss for individuals. The misuse of advanced AI for these malicious purposes raises concerns about the evolving tactics of scammers and the effectiveness of current security measures to protect consumers.

Mar 11, 2026

New PhantomRaven NPM attack wave steals dev data via 88 packages

BleepingComputer

A new wave of attacks associated with the 'PhantomRaven' supply-chain campaign is targeting the npm registry, where attackers have uploaded 88 malicious packages. These packages are designed to steal sensitive data from JavaScript developers, posing a significant risk to their projects and potentially compromising their intellectual property. Researchers found that the malicious code can extract various types of developer information, which could be exploited for further attacks or sold on the dark web. This incident serves as a reminder for developers to be cautious about the packages they use and to verify their sources before integrating them into their work. As the use of npm packages continues to grow, so does the potential for such supply-chain attacks, making awareness and vigilance crucial for developers.

Mar 11, 2026

France: National Cybersecurity Agency Reports Ransomware Attack Drop in 2025

Infosecurity Magazine

In 2025, France's National Cybersecurity Agency reported a decrease in ransomware attacks, although small and medium-sized businesses (SMBs) continued to be the primary targets. This trend suggests that while some progress may have been made in combating ransomware, these smaller organizations remain vulnerable and appealing to cybercriminals due to potentially weaker defenses. The agency's findings indicate that the need for enhanced cybersecurity measures among SMBs is still crucial. As these businesses play a vital role in the economy, ensuring their protection against ransomware is essential for overall national security. Companies must prioritize cybersecurity training and invest in robust defenses to mitigate risks.

Mar 11, 2026

MedTech Giant Stryker Crippled by Iran-Linked Hacker Attack

SecurityWeek

Stryker, a major player in the medical technology sector, has fallen victim to a cyberattack attributed to the Handala group, which is believed to have links to Iran. The attackers reportedly erased data from over 200,000 of Stryker's devices, significantly disrupting the company's operations. This incident raises serious concerns about the security of medical devices, which are increasingly connected to networks and can be vulnerable to cyber threats. The impact of such an attack could affect patient care and safety, as well as damage the trust in medical technology providers. As healthcare increasingly relies on technology, incidents like this highlight the urgent need for robust cybersecurity measures in the industry.

Mar 11, 2026