This morning i got an email
Someone requested that the password be reset for the following account:
If this was a mistake, just ignore this email and nothing will happen.
To reset your password, visit the following address:
Then i noticed one of my subpages name / pages / slugs etc were changed to "Hacked by 000SM000"
they only got one of my subpage before I restored the DB. Also had a request to change the admin email address to LOL@maindomain.com
Looking at google alot of sites are getting defaced by this hack this morning. Any others seen this? know the vulnerability?
I didn't save the current db to dig through it further before restoring so i don't have a way to research source ups, etc.