According to Foresight News, a security alert has been issued by SlowMist, warning of recent attacks on websites through a vulnerability in WordPress plugins. The attackers reportedly inject malicious JavaScript code into the sites, initiating a watering hole attack. When users visit these compromised sites, they are met with malicious pop-ups, tricking them into executing harmful code or signing Web3 wallets, leading to asset theft.
Websites using WordPress plugins are advised to check for any vulnerabilities and update their plugins promptly to avoid attacks. Users are also urged to carefully identify the programs they download and the content of Web3 signatures when visiting any site. This is to prevent downloading malicious programs or authorizing harmful signatures that could result in asset theft.