A sophisticated attack targeting WordPress administrators has been uncovered, revealing how threat actors compromised legitimate JavaScript files from popular marketing plugins to create persistent backdoors on thousands of websites. This supply chain attack demonstrates the growing danger of targeting trusted third-party components to bypass traditional security measures.
Security researchers discovered that attackers had tampered with JavaScript files used by three widely adopted WordPress plugins: PushEngage, OptinMonster, and TrustPulse. These compromised files were engineered to activate only when a website administrator was logged
Comments (0)
Leave a Comment
No comments yet. Be the first to comment!