Wordpress
OptinMonster CDN Supply-Chain Attack: Tampered SDK Backdoors WordPress Admins
Attackers stole an Awesome Motive CDN key and laced the OptinMonster, TrustPulse, and PushEngage SDKs with code that creates rogue admins and plants a web shell — on up to 1.2M fully-patched sites.
Gravity SMTP CVE-2026-4020: Unauthenticated Flaw Leaks Cloud Email API Keys Amid Mass Exploitation
Attackers are mass-exploiting CVE-2026-4020 in the Gravity SMTP WordPress plugin to dump site config and third-party email provider API keys. Patch to 2.1.5 and rotate every key now.
Smart Slider 3 Pro Update Infrastructure Compromised — Backdoored Build Pushed to 800K+ WordPress Sites
Attackers compromised Nextend's update servers to distribute a weaponized Smart Slider 3 Pro build containing a multi-layered RAT with credential exfiltration and persistent backdoors.