Close to 400,000 WordPress Login Credentials Compromised


Major Security Breach: Over 390,000 WordPress Credentials Stolen in Targeted Campaign Against Security Researchers and Pentesters


Researchers from Datadog Security Labs have uncovered the theft of over 390,000 WordPress credentials linked to a threat actor known as MUT-1244. The theft is the culmination of a year-long, large-scale operation that targeted cybersecurity professionals, including penetration testers, as well as rival malicious actors.

The attackers deployed dozens of fraudulent GitHub repositories populated with fake proof-of-concept exploits. When victims unwittingly downloaded and executed this malicious code, second-stage payloads captured their credentials. The operation leveraged the trust placed in established threat intelligence feeds, and it also included a phishing campaign designed to coax targets into installing a fake kernel update, further expanding the attackers’ reach.

Security experts have expressed their concerns regarding this attack methodology. Casey Ellis, Founder and Advisor at Bugcrowd, described the tactics as a reminder that even those who offer offensive security services can become part of an exploitable supply chain. Jason Soroko, Senior Fellow at Sectigo, emphasized the implications of this supply chain attack, noting how it undermined standard software acquisition processes by poisoning trusted sources.

“Security professionals must treat all code as potentially dangerous, even from established platforms,” cautioned Stephen Kowski, Field CTO at SlashNext Email Security+. He highlighted the necessity for robust verification measures and advanced threat detection tools to identify malicious patterns in real time.

This breach is a wake-up call for the cybersecurity community, underscoring the critical need for increased vigilance in code review and the implementation of automated security scanning solutions to prevent similar incidents in the future.
