Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.
The Cardano wallet provider says the exploit stemmed from a signing flaw that exposed private keys and has identified two ...
SecondFi traced a Cardano wallet exploit to an address-level issue after losses across 374 addresses, while 129 million ADA ...
SecondFi's exploit exposed flaws in wallet generation, triggering losses, and growing trust concerns across Cardano.
On an industrial estate in Essex, tyres, door panels and batteries emblazoned with the BMW logo lie scattered across the yard ...
Owners of affected iPhones can stop checking for patches now: the fix for this SecureROM bug comes in a new handset ...
Hackers are exploiting a vulnerability in the Gravity SMTP WordPress plugin to extract configuration data, including API keys ...
Gravity SMTP WordPress vulnerability CVE-2026-4020 has drawn 17 million automated exploit attempts since May 2026, draining ...
Ethereum L2 bridge exploit drains $1.7 million from Taiko after a leaked SGX signing key let an attacker forge withdrawal ...
Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
Cardano wallet SecondFi has identified a recovery path for users affected by Tuesday’s exploit and expects to begin returning assets in about 2 weeks, pending ...
What happened Threat actors are actively exploiting an unauthenticated information disclosure vulnerability in the Gravity SMTP WordPress plugin, which is installed on more than 100,000 WordPress ...