What we are seeing right now.
The OwlEye SOC processes over 4 billion WordPress-targeted requests per month. A redacted slice of what we are blocking — published weekly.
Campaigns under active observation.
Operation Balada
Outdated tagDiv themes / Newspaper
Mass injection of malicious JavaScript redirecting visitors to scam pages.
WP-VCD Resurgence
Pirated premium plugins/themes
Backdoor installation, persistent admin user creation, SEO spam.
REST API Enumeration
Unhardened wp-json endpoints
Username enumeration prepping credential stuffing attacks.
SocGholish Fake Update
Compromised sites serving fake browser update lures
Drive-by delivery of remote access trojans to end visitors via injected JS.
XML-RPC Credential Spray
Legacy xmlrpc.php endpoints
High-velocity password spraying using system.multicall to bypass rate limits.
Sign1 Malware Wave
Sites with vulnerable custom HTML widgets
Injection of obfuscated JS redirecting mobile users to VAST ad-fraud networks.