Where the hack is the vulnerability?
At WordPress. But thankfully they have a patch!
Any of you guys that use WordPress for your websites please make sure it is always patched up. Even if it does the automatic patches just check it every now and then.
“The Defiant Threat Intelligence team has identified a malvertising campaign which is causing victims’ sites to display unwanted popup ads and redirect visitors to malicious destinations, including tech support scams, malicious Android APKs, and sketchy pharmaceutical ads. This type of campaign is far from novel, but these attacks drew our attention.” – Wordfence
As always, stay vigilant tech guys!