According to a new report from Menlo Security, one out of three of the top million websites are either vulnerable to hacking or already hacked.
For example, attackers used the Forbes.com website last month for a quick watering hole attack.
According to Dallas-based research firm iSIGHT Partners, Inc., the attack only lasted a couple of days in late 2014, used a zero-day Adobe Flash vulnerability, and was linked to a Chinese cyber espionage group.
"We saw the Forbes.com hack, and that there were quite a few other sites being hacked, delivering malware, targeting innocent users," said Menlo Security's CTO Kowsik Guruswamy. "We were curious how that malware got there in the first place."