ADVERTISEMENT

Hackers hijack Wordpress sites and deploy CAPTCHA ClickFix in global infostealer campaign

Cybercriminals have compromised hundreds of websites – including regional news outlets and the website of a US Senate candidate – in a global malware operation new research has uncovered.

WordPress hacking

By Cybernews

Ann-Marie Corvin
Ann-Marie Corvin Senior Journalist
Mar 11, 2026 Updated: 12 March 2026 2 min read
jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News
Add us as your Preferred Source on Google.
"The most likely scenario we are considering is that the attackers are not exploiting a WordPress-related vulnerability at all, but rather they are using valid credentials to hijack website administrator accounts by simply logging into publicly exposed admin panels."
Milan Špinka, security researcher, Rapid 7.
ADVERTISEMENT

Has your password leaked?

Enter your password to check if it has leaked. Having a leaked password creates the risk of identity theft, financial damages, and worse!
35,607,543,468
Exposed Passwords
Ad
Protect your personal information from cybercriminals and get 50% off the top-rated password manager
link_title link_title

ADVERTISEMENT