Tech Times

WordPress Email Plugin Flaw Triggers 17 Million Attacks: Gravity SMTP Leaks Live API Keys

Gravity SMTP WordPress vulnerability CVE-2026-4020 has drawn 17 million automated exploit attempts since May 2026, draining ...
The Hacker News

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.

Google Reportedly Wants Android App Code From Play Store Developers

Google is reportedly offering to pay select Android developers for source-code access. Here’s what Play Store developers should check before signing.
The Hacker News

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Researchers found 15 malicious JetBrains plugins posing as AI coding tools that exfiltrate OpenAI, DeepSeek, and SiliconFlow ...
The Next Web

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...
Bleeping Computer

KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. The flaw is a deserialization issue ...
Indiatimes

Microsoft tells engineers to stop using Anthropic's Claude, as canceling Claude Code licenses becomes an easy way to…

Microsoft is canceling most internal Claude Code licenses by June 30, pushing engineers to its own GitHub Copilot CLI. The catch? Anthropic's tool got too popular, undercutting Microsoft's homegrown ...
Bleeping Computer

Critical Everest Forms Pro flaw exploited to take over WordPress sites

Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website. The security issue affects ...
The Next Web

Microsoft’s quiet Claude Code retreat and the real cost of enterprise AI

In December of last year, Microsoft told thousands of its engineers, product managers and designers that they could use Claude Code, Anthropic’s command-line coding agent, on the company dime. By ...