Preview image for a blog post

WP-SHELLSTORM Unmasked: Exposed Server Exposes 25,000 Compromised WordPress Sites and Threat Actor Arsenal

An exposed WP-SHELLSTORM server revealed tools, cloud credentials, and thousands of webshells, compromising 25,000 WordPress sites in a massive hacking campaign.
Preview image for a blog post

Gravity SMTP Plugin Zero-Day: Unauthenticated Attackers Expose WordPress API Keys (CVE-2026-4020)

Threat actors exploit Gravity SMTP WordPress plugin (CVE-2026-4020) to extract API keys, secrets, and OAuth tokens from 100,000 sites.
Preview image for a blog post

Supply Chain Breach: OptinMonster & Sister Plugins Implant Backdoors on 1.2M WordPress Sites

Critical supply chain attack compromises popular WordPress plugins, deploying stealthy backdoors on 1.2 million sites.
Preview image for a blog post

Critical Everest Forms Pro RCE Flaw: Unpacking the WordPress Admin Hijack

Deep dive into Everest Forms Pro RCE vulnerability, enabling remote code execution and rogue WordPress admin accounts.