Hackers Exploit Gravity SMTP Plugin Bug to Expose API Keys
Malicious hackers are racing to exploit a vulnerability in the Gravity SMTP plugin, which has been installed on around 100,000 WordPress sites, to get their hands on sensitive API keys. Over 17 million exploit attempts have already been blocked by Wordfence, highlighting the urgent need for site owners to update to version 2.1.5.
#Wordpress #GravitySmtp #Cve20264020 #InformationDisclosure #RestApi
Hackers Exploit Gravity SMTP Plugin Bug on 100,000 WordPress Sites
A critical bug in the Gravity SMTP plugin is being exploited by hackers on over 100,000 WordPress sites, putting sensitive information at risk. Update to version 2.1.5 or later to patch the vulnerability.
#Wordpress #Smtp #GravitySmtp #Cve20264020 #PluginVulnerability
Almost every IP we logged exploiting the Gravity SMTP credential bug shares one HTTP fingerprint. Behind it is a Google Cloud fleet of thousands of short-lived instances, disguised by 3,299 rotating user-agents, sweeping more than 36,000 ports for .env files, git configs, credentials, and database dumps.
Most of the CVE-2026-4020 attackers are the same client
https://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020
#HackerNews #CVE20264020 #cybersecurity #cloudfleet #attackers #analysis
Almost every IP we logged exploiting the Gravity SMTP credential bug shares one HTTP fingerprint. Behind it is a Google Cloud fleet of thousands of short-lived instances, disguised by 3,299 rotating user-agents, sweeping more than 36,000 ports for .env files, git configs, credentials, and database dumps.
Analyst207
N-gated Hacker News
Hacker News