Massive Balada Injector campaign attacking WordPress sites since 2017

An estimated one million WordPress websites have been compromised during a long-lasting campaign that exploits "all known and recently discovered theme and plugin vulnerabilities" to inject a Linux backdoor that researchers named Balad Injector. [...]

backdoor balada injector campaign compromised exploits inject injector linux plugin researchers security theme vulnerabilities websites wordpress