Security experts have uncovered a major threat: 10,000 WordPress websites compromised to distribute malware. The attackers exploited vulnerabilities in an older version of WordPress and an outdated plugin to install malicious JavaScript code on these sites. When visitors accessed the sites, they were prompted to update their browser, but instead, were infected with infostealers like Atomic (for macOS) and SocGholish (for Windows). These malware programs could steal sensitive data such as passwords, cookies, and cryptocurrency information. To defend against such attacks, web administrators are advised to update their WordPress installations, remove unused themes and plugins, and scan for and eliminate any malicious scripts. Keeping sites protected is essential in the face of evolving cyber threats.