Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that’s installed on about 100,000 sites.

The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens

Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple’s A12…

Uncategorized June 18, 2026

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to…

Uncategorized June 17, 2026

Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments

An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz…

Our Services

Company

Resources

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

More from our Knowledge Bank

Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments

Ready to get started?