Technology
Two Supply Chain Attacks Hit WordPress in One Week
Between April 5 and April 7, two unrelated supply chain attacks compromised WordPress sites through the one channel admins are trained to trust: plugin updates. One hijacked Nextend's update servers to push a weaponized Smart Slider 3 Pro build to 800,000+ installations. The other activated dormant backdoors in 30+ plugins an attacker had quietly purchased on Flippa a year earlier.