Fake WordPress security alerts are being used to send malware
In the emails, the admins were warned of a new (but actually bogus) remote code execution (RCE) flaw and were urged to immediately install a plugin to defend their site from hackers. The non-existent …