Skip to main content
  1. Home
  2. Computing
  3. News

Another WordPress exploit hits thousands of sites

Add as a preferred source on Google

The downside of becoming a popular content management system is that more and more people are looking for bugs you may have, in order to exploit them. It makes sense, as the more people use something, the more potential targets you have if you find a bug. But for WordPress’ developers, it must be an exercise in frustration patching holes as often as they need to.

Yet another bug has been found in the popular CMS in the past couple of weeks, and it’s seen thousands of sites targeted and millions of visitors made vulnerable. Visitors to sites that have been compromised risk being redirected to a site that attempts to infect them with the Nuclear Exploit kit, an ever-evolving arsenal of malware that can inject ransomware into a system, locking the desktop and encrypting files while demanding payment to return them to normal.

Recommended Videos

This nefarious campaign has been termed VisitorTracker by website security firm Sucuri, which is keeping on top of the malware’s development. At its current rate, around 6,000 WordPress sites are being infected every single day, which is a massive upswing from just a few days ago, where only 1,000 per day were being affected.

Related: Should you worry about malware on your phone? We asked the experts

Unfortunately, despite the interest in this exploit, nobody is quite sure how it’s infecting sites as of yet – though the expected entry point is one or more extensions and plugins. As a preventative measure, site owners are encouraged to update to the latest version of WordPress if they haven’t already and update all of their plugins – even the Premium ones.

Sucuri is — perhaps unsurprisingly — also advertising its own malware detection tool, which can scan a website to see if it’s been affected by this or any other threats. Even if your site hasn’t though, the firm still recommends a Sucuri subscription, which perhaps should be taken with a pinch of salt.

For the rest of us, it’s just a case of staying safe online with all of the usual safeguards. Be especially careful when visiting some of your favorite sites over the next week or so while this bug works itself out.

Jon Martindale
Jon Martindale covers how to guides, best-of lists, and explainers to help everyone understand the hottest new hardware and…
South Korea wants to give every citizen free, unlimited access to its own AI chatbot
The government-backed service could turn generative AI into public infrastructure instead of another monthly subscription
Electronics, Mobile Phone, Phone

South Korea wants to give every citizen free access to an AI chatbot with no usage limits. That puts the technology closer to a public utility than another premium service demanding a monthly subscription.

The Ministry of Science and ICT announced the AI for Everyone project on July 13. Private companies will build the platform around locally developed models, while a separate AI agent will help people navigate government services. It’s a more practical job than generating emails or settling arguments nobody wanted to research themselves.

Read more
Falling in love with a chatbot is now off limits for kids in China
The crackdown targets emotional AI relationships as regulators worry about the country's record low birthrate.
Replika AI companion app on an iPhone in hand

Ever since AI chatbots arrived on the scene, there has been one aspect that has worried lawmakers and experts a lot: humans forming emotional connections with chatbots. There have been plenty of cases where over-reliance on these AI companions or partners has resulted in medical emergencies, lost lives, and triggered multiple lawsuits against the likes of OpenAI and Meta.

China cracks down on AI companion apps

Read more
Russian hackers keep finding their way into critical networks through neglected routers
A multinational warning says outdated firmware, weak passwords, and insecure settings are giving state-backed attackers an easy opening
A Wi-Fi router next to a laptop.

Russian state-backed hackers have spent more than a decade exploiting a stubborn weakness in critical infrastructure networks. Organizations are still leaving poorly configured and outdated routers exposed to the internet.

In a joint cybersecurity advisory, the NSA, CISA, FBI, and international partners warn that hackers linked to Center 16 of Russia’s Federal Security Service are continuing to target vulnerable networking equipment. Energy, healthcare, and government networks are among the sectors facing the highest risk.

Read more