Australia’s Cyber Security Centre has confirmed an active campaign targeting Australian organizations and critical infrastructure, in which attackers compromise WordPress websites to trick employees into manually running malicious commands on their Windows machines. Those commands install Vidar Stealer, malware that silently harvests passwords, browser session tokens, cryptocurrency wallets, and sensitive files. Any organization whose employees access the internet on Windows endpoints faces credential theft risk, with particular exposure for teams accessing external WordPress-hosted content.