Recently, multiple instances of the Reddit alternative Lemmy have been compromised by hackers. The attackers appear to have taken advantage of a previously unknown vulnerability (often called a zero-day vulnerability).
Lemmy is open-source software for hosting news aggregation and discussion forums. Lemmy instances are operated by various individuals and organizations, and these instances are interconnected, enabling users on one server to engage with posts on other servers.
There are over 1,100 instances with a combined user base of nearly 850,000. A few days ago, an individual exploited a cross-site scripting (XSS) vulnerability related to how custom emojis are rendered. This allowed the attacker to deface pages on several prominent instances, including Lemmy.world, the most popular instance, which has over 100,000 users.