Attackers compromised Awesome Motive CDN files, backdooring WordPress sites running OptinMonster, TrustPulse, and PushEngage. Sansec researchers discovered an active supply chain attack hitting WordPress sites running OptinMonster, TrustPulse, and PushEngage, three plugins operated by Awesome Motive, one of the largest WordPress plugin companies in the world. The malicious JavaScript wasn’t sitting on any victim’s server. […]
A vulnerability marked as problematic has been reported in Envoy. The affected element is an unknown function of the component HPACK Compression Handler. The manipulation leads to denial of service.
This vulnerability is documented as CVE-2026-47774. The attack can be initiated remotely. There is not any exploit available.