Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites
A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation's inner workings: the hacking tools, th...
20 articles
A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation's inner workings: the hacking tools, th...
A large-scale exploitation campaign is actively weaponising known vulnerabilities across multiple content management systems, with WordPress plugins forming ...
A new analysis has revealed a significant security gap within the global web ecosystem. Over 70% of publicly accessible WordPress sites are running outdated,...
Atarim WordPress Plugin 4.2.
WordPress Bricks Builder Theme - RCE
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official releas...
The vulnerability resides in an exposed REST API endpoint within the Gravity SMTP plugin.
Vulnerable WordPress plugin iterations leak API keys, secrets, tokens, server information, and other data. The post Attackers Exploit Gravity SMTP Plugin Fla...
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnera...
Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. [.
Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S.
Operation EndGame disrupted SocGholish, taking down 106 servers and cleaning 14,971 WordPress sites used to spread fake-update malware.
A serious security vulnerability has been uncovered in the widely used Avada (Fusion) Builder WordPress plugin. This flaw could enable unauthenticated attack...
Law enforcement and private partners took down 106 SocGholish C&C servers and domains as part of Operation Endgame. The post 15,000 WordPress Websites Cleane...
Authorities from the Netherlands, Canada, the United States, and Germany removed the SocGholish malware and backdoors from 14,971 compromised WordPress websi...
On May 13th, 2026, we received a submission for a critical Unauthenticated Arbitrary File Deletion vulnerability in Avada Builder, a premium WordPress plugin...
International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish...
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the vendor'...
Threat actors are actively exploiting a critical security flaw in the widely used Gravity SMTP WordPress plugin to extract sensitive configuration data, incl...
A sophisticated social‑engineering campaign is leveraging AI‑generated YouTube narrators, ghost accounts across multiple platforms, and manipulated reputatio...