Attackers compromised Awesome Motive CDN files, backdooring WordPress sites running OptinMonster, TrustPulse, and PushEngage. Sansec researchers discovered an active supply chain attack hitting WordPress sites running OptinMonster, TrustPulse, and PushEngage, three plugins operated by Awesome Motive, one of the largest WordPress plugin companies in the world. The malicious JavaScript wasn’t sitting on any victim’s server. […]
A vulnerability marked as problematic has been reported in Envoy. The affected element is an unknown function of the component HPACK Compression Handler. The manipulation leads to denial of service.
This vulnerability is documented as CVE-2026-47774. The attack can be initiated remotely. There is not any exploit available.
A vulnerability labeled as critical has been found in Softaculous Page Builder Plugin up to 2.0.9 on WordPress. Impacted is an unknown function. Executing a manipulation can lead to incorrect authorization.
This vulnerability is registered as CVE-2026-2470. It is possible to launch the attack remotely. No exploit is available.
The Gentlemen ransomware used infostealer credentials, AI tools, and affiliates to hit 483 victims across 66 countries in under a year. The Gentlemen surfaced as a ransomware operation in September 2025 and by June 13, 2026 had listed 483 victims on their dark-web leak site, 380 of them in 2026 alone. That makes them the […]