Large-Scale Supply Chain Attack: 30 WordPress Plugins Purchased and Backdoored
Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into
Read the full articleYou might also wanna read
Supply-chain attack on OptinMonster and related WordPress plugins compromises 1.2 million sites
Malware adds admin accounts and hidden backdoor to sites using OptinMonster, TrustPulse or PushEngage plugins.
Attackers Hijack Popular WordPress Plugins to Deploy Backdoors
Tampered OptinMonster and sister plugins plant hidden backdoors on 1.2 million WordPress sites
Mass exploitation of Gravity SMTP WordPress plugin vulnerability steals API keys from 100,000 sites
Wordfence reported blocking 17M+ exploit attempts targeting Gravity SMTP since early May 2026, with the plugin installed on about 100,000 Wo
Injective npm supply chain attack leaks crypto wallet keys
ON July 8, 2026, a supply chain attack targeted the Injective blockchain's npm packages, compromising a trusted developer's account to injec
Hacker Server Leak Unveils Massive WordPress Breach
Discover how a server exposure led to the revelation of a large-scale WordPress site hacking operation. Stay informed and secure your sites.
Introducing organizational controls to restrict Composer plugins for supply chain security
This is the next post in our supply chain security series, following the supply chain security update, the Composer 2.10 release, closing Co
blog.packagist.com·1mo ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.