by WordPress recently released version 6.0.3 with 16 bugs patched, but it’s worth noting that one of the bugs is the most likely to be exploited because attackers don’t need to authenticate to launch the attack. In order to reduce the vigilance of victims, hackers have also used the verification mechanism of real people and bots that some users often encounter in recent years, so that people mistakenly believe that the website that checks the identity is a legitimate website. For example, in the recent Ursnif malware attack, hackers placed malicious files on web pages that required the entry of CAPTCHA codes. Beware that online conversion services also become a conduit for hackers to spread malware! Some people set up a fake file format conversion service website. Although this website provides an upload function, if it does, the user is likely to install stealing software on the computer.
