Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Ravie LakshmananJun 20, 2026Vulnerability / Web Security Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a...
Security Threat
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
Ravie LakshmananJun 01, 2026Vulnerability / Website Security, Threat actors are attempting to actively exploit a critical security flaw impacting WP...
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
Ravie LakshmananMay 28, 2026Vulnerability / Endpoint Security Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient...
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Ravie LakshmananMay 25, 2026Vulnerability / Web Security Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS...
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
Ravie LakshmananMay 14, 2026Vulnerability / API Security Threat actors have been observed attempting to exploit a recently disclosed security vulnerability...
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Ravie LakshmananMay 05, 2026Vulnerability / Network Security Threat actors are actively exploiting a critical security flaw impacting an open-source content...
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
Ravie LakshmananApr 15, 2026Threat Intelligence / Cloud Security Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation...
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
Ravie LakshmananApr 06, 2026Ransomware / Endpoint Security Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own...
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
Ravie LakshmananMar 23, 2026Vulnerability / Endpoint Security Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest...
Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms
Ravie LakshmananFeb 27, 2026Endpoint Security / Windows Security Threat actors are luring unsuspecting users into running trojanized gaming utilities that...
DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
Ravie LakshmananFeb 04, 2026Malware / Endpoint Security Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX...
