
WordPress MitM and RCE ShellDrop Exploit - DyslexicAtheist
https://twitter.com/nickstadb/status/1040598497035276288
======
deytempo
This isn’t that special. If you control the DNS for anything you can serve
your own version of their updates if the software isn’t checking the remote
certificates and package checksums

