I haven't seen this happen before, but the first thing that springs to mind is have you upgraded the site to mySQLi? If you're still using mySQL on php5 or older, it's much more susceptible to hacking. You should be on at least php7.4 but preferably php8 and definitely using mySQLi.
Download the free mySQLi tools, install the latest version of DataBridge 2 and then open any Recordsets, Insert, Update, and Delete Server behaviors on the page and switch them to the MySQLi connection. Once you click OK with a MySQLi connection, then the code is updated to MySQLi.
You can also download a beta version of PowerCMS here which updates to myMSQLi: https://www.webassist.com/PowerCMS.zip - there are further details in this thread: https://www.webassist.com/forums/posts.php?id=45570. It's a couple of years since I upgraded my PowerCMS sites to mySQLi /php7 and I can't remember if I had any issues with it, but if you hit any snags then just add to this post and I'll try to help!
