While scanning wp-users table I noticed a new user, with admin privileges, was added a few days ago.
I traced the new user to a spam that Askimet caught and flagged, then I deleted that user via the Admin Panel.
I also used the IP Deny function to block out the user's particular range of IP addresses (from Russia).
I don't know how that user name was added, but I know it occurred before Askimet detected the spam from him. How can I prevent somebody from adding themselves as a new user again?