Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. "Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed," c/side researcher Himanshu Anand said in a Wednesday analysis. The malicious JavaScript code has been found to be served via cdn.csyndication[
![]()
source https://thehackernews.com/2025/03/over-1000-wordpress-sites-infected-with.html
source https://thehackernews.com/2025/03/over-1000-wordpress-sites-infected-with.html