We are seeing thousands of sites compromised with an iframe from cdnexit.com.
This is the iframe that we detected:
http://cdn.cdnexit.com/Home/detect/index.php
Google has already flagged this domain and found it to be responsible for the infection of more than 1.5k sites:
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, cdnexit.com appeared to function as an intermediary for the infection of 1509 site(s) including txt.ir/, remedios-naturais.com/, pornupload.com/.
We can’t say for sure how sites got hacked, but we will post more details when we have them.
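One way to check a site's pages for the iframe reported above, as an added example that is not part of the original post. It assumes the iframe appears as a plain tag in the served HTML; the function names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

FLAGGED_DOMAIN = "cdnexit.com"  # domain named in the post


def host_is_flagged(url, domain=FLAGGED_DOMAIN):
    """True if the URL's host is the domain itself or any subdomain of it."""
    try:
        host = urlsplit(url.strip()).hostname or ""
    except ValueError:  # malformed netloc, e.g. an unbalanced "["
        return False
    host = host.rstrip(".")  # hostname is already lower-cased by urlsplit
    return host == domain or host.endswith("." + domain)


class IframeFinder(HTMLParser):
    """Records (line, src) for every iframe that loads from the flagged domain."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag == "iframe":
            src = dict(attrs).get("src") or ""
            if host_is_flagged(src):
                self.hits.append((self.getpos()[0], src))


def find_flagged_iframes(html):
    finder = IframeFinder()
    finder.feed(html)
    finder.close()
    return finder.hits


# Constructed sample page, not taken from a real infected site.
SAMPLE_PAGE = """<html><body>
<p>Welcome</p>
<iframe src="http://cdn.cdnexit.com/Home/detect/index.php"></iframe>
<iframe src="https://www.example.org/video"></iframe>
<IFRAME SRC="//CDN.CDNEXIT.COM/Home/detect/index.php"></IFRAME>
<iframe src="https://cdnexit.com.example.org/"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, src in find_flagged_iframes(SAMPLE_PAGE):
        print(f"line {line}: iframe loads {src}")
```

Matching on the parsed hostname rather than a substring keeps look-alike hosts such as `cdnexit.com.example.org` from producing false positives.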