OpenSUSE Site Hacked
News site for the openSUSE community falls victim to a Wordpress exploit.
The news.opensuse.org site was hacked this week. Attackers defaced the site and posted the Kurdish flag and a message. The site was isolated from the rest of the openSUSE infrastructure, so critical services like the build, test, and download systems were untouched.
“Our offered downloads remain safe and consistent, and there was no breach of any openSUSE contributor data,” openSUSE chairman, Richard Brown told us.
The hacked site runs WordPress, and it appears that the CMS software was not updated, allowing the attackers to exploit a known vulnerability.
The ‘news.opensuse.org’ site is not managed by the SUSE or openSUSE IT teams but is, instead, administered by a team from SUSE's parent company Micro Focus.