Most likely B.Any votes as to whether it started with:
A. Phishing, watering hole, drive by download, etc. - targeting someone with admin credentials or
B. Software vulnerability on the site
Can't do that without forum access, at least for ordinary user, AFAIK.Has anyone made a JIRA entry yet?
Not to diminish the likelihood of B (e.g., SQLI etc.), but A is how a lot of breaches are starting these days at large companies. They introduce malware on a person's computer who has administrative or root access and then they have access to whatever that person has access to. It's a lot simpler than some other approaches. Is the code base for VB5 at all similar to VB4 or 3? I know it could be a plug-in or any other software but am just curious.Most likely B.
A is somewhat impossible since they only have limited developers for the software (more controlled access).