APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence.
https://threatpost.com/zoho-zero-day-manageengine-active-attack/177178/
Cyberattackers are targeting security vulnerabilities in four plugins plus Epsilon themes, to assign themselves administrative accounts.
https://threatpost.com/active-attack-takeover-wordpress/176933/