information-disclosure

Blog All categories All authors All tags
Preview image for a blog post

Gravity SMTP Plugin Zero-Day: Unauthenticated Attackers Expose WordPress API Keys (CVE-2026-4020)

Threat actors exploit Gravity SMTP WordPress plugin (CVE-2026-4020) to extract API keys, secrets, and OAuth tokens from 100,000 sites.
Preview image for a blog post

Critical Linux Kernel Flaw: SSH Host Keys at Risk – Immediate Patching & Mitigation Advised

The 4th Linux kernel flaw this month threatens SSH host keys. Patch available, but not universally deployed. Learn immediate mitigation.