In WordPress security news, WPTavern report that Hacked Home Routers are launching Brute Force attacks on WordPress sites.
The research was carried out by the team that produces the WordFence plugin. WordFence captures a global view with information from sites that installed their plugin. The global view showed a many attempts at logins were coming from Algeria. Later investigations by WordFence discovered the routers used by the Algerian telco are. The routers had been susceptible to the Misfortune Cookie attack, which Checkpoint discovered in 2014. These compromised routers were then trickle feeding attacks against WordPress hosts, at a rate which would normally be below the radar of any individual host tracking by IP address.
WordFence have a blog entry on the Thousands of Hacked Home Routers attacking WordPress sites, covering a little more on their analysis and a tool to check if your own home router is vulnerable.