Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.
Gravity SMTP WordPress vulnerability CVE-2026-4020 has drawn 17 million automated exploit attempts since May 2026, draining ...
At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. The campaign, discovered by Aikido Security, includes plugins that act as AI coding ...
Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
Hackers are exploiting a vulnerability in the Gravity SMTP WordPress plugin to extract configuration data, including API keys ...
What happened Threat actors are actively exploiting an unauthenticated information disclosure vulnerability in the Gravity SMTP WordPress plugin, which is installed on more than 100,000 WordPress ...
At least 15 plug-ins for JetBrains IDEs transmit API keys to an external server, while otherwise offering their promised functions.
On Tuesday, June 23, 2026, at approximately 3:12 p.m., Concord Police Department officers responded to a report of a robbery at Sunvalley Shopping Center. The incident occurred inside the mall near ...
Crunch, the leading API security platform for the agentic era, today announced the availability of the 42Crunch API Security Testing Plugin for GitHub Copilot. This latest advance enables developers ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
AI-powered plugin generators promise to democratise development – but is vibe coding really the future of plugin design, or ...