We received

We received information that one of our sites had been compromised with a "Injection.Black_SEO.Web.RTSS ", but Defender hadn't shown anything

I found the following in header.php but I'm trying to find out more about how it got there/how it was accessed:

<?php

if (!isset($_SERVER['REQUEST_URI']) || ltrim($_SERVER['REQUEST_URI'],'/') === '') {
print '<div class="dc" style="position: absolute; left: -9999px;">
<a href="http://sharetv.com/user/writingpeak">http://sharetv.com/user/writingpeak</a></div>';

}

?>