QuoteNews broke yesterday that many LastPass users were reporting their master passwords being compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations. LastPass apparently indicated it's credential stuffing related to fairly common bot-related...
Here's another critical vulnerability in a WP plugin which affects millions of WP sites:
The plugin, Variation Swatches for WooCommerce, allowed hackers to access more than 80,000 WP sites! There is a fix available: