The BuddyBoss campaign (Parts 1 & 2) represents a full-spectrum software supply chain attack against the WordPress ecosystem, where the threat actor compromised the BuddyBoss plugin/theme distribution pipeline and leveraged it to infect hundreds of downstream websites. The ini...

The BuddyBoss campaign (Parts 1 & 2) represents a full-spectrum software supply chain attack against the WordPress ecosystem, where the threat actor compromised the BuddyBoss plugin/theme distribution pipeline and leveraged it to infect hundreds of downstream websites. The ini...

Source: Wiz
Source Link: https://threats.wiz.io/all-incidents/buddyboss-supply-chain-attack