Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.

Gravity SMTP WordPress vulnerability CVE-2026-4020 has drawn 17 million automated exploit attempts since May 2026, draining ...

At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. The campaign, discovered by Aikido Security, includes plugins that act as AI coding ...

CVE-2026-42530, the NGINX HTTP/3 vulnerability rated CVSS 9.2, is collecting dismissals because exploitation requires ASLR to ...

Intruder analyzed 3,000 attack surfaces and found 60% exposed HTTP panels, 49% risky ports, and 42% internet-facing databases ...

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.

The next generation of the Model Context Protocol (MCP) enables enterprise-scale AI deployments but shifts critical security ...

Security researchers identified a coordinated malware campaign within the JetBrains Marketplace designed to exfiltrate ...

Grab's security team built Palana, a Kubernetes-native secure execution platform, to run autonomous AI agents safely. Unlike ...

At least 15 plug-ins for JetBrains IDEs transmit API keys to an external server, while otherwise offering their promised ...

Adyen, Stripe, Visa, Mastercard, Google UCP, PayPal, and crypto-native challengers mapped by protocol reach and merchant ...