WordPress wp2shell CVE-2026-63030: Update to 7.0.2 Now
CVE-2026-63030 (wp2shell) gives anonymous attackers a route to code execution in WordPress 6.9.0–6.9.4 and 7.0.0–7.0.1. Verify and update now.
News desk
Security incidents, exploited vulnerabilities, breach reports, malware campaigns, and urgent patch notes arranged for fast daily scanning.
July 18, 2026
CVE-2026-63030 (wp2shell) gives anonymous attackers a route to code execution in WordPress 6.9.0–6.9.4 and 7.0.0–7.0.1. Verify and update now.
Starland RAT hides in trojanized Zoom, WebEx, and other Windows installers. Check persistence, scan the PC, and secure passwords and wallets.
CVE-2026-53412 is a critical Zoom Workplace for Windows flaw that may allow unauthenticated account takeover. Check your version and update now.
OkoBot malware infects Windows through ClickFix and fake GitHub downloads, then injects fake recovery prompts into Ledger and Trezor apps to steal seed phrases.
A disclosed Cursor flaw can run a repository-local git.exe on Windows when a project opens. Check the root folder and recover safely after exposure.
Fake LastPass and Bitwarden security-policy emails use newsletter and compliance lookalike domains. Check the sender, avoid the download, and secure your vault.
LabubaRAT malware hides as nvidia-sysruntime.exe. Verify its signature and hash, remove autorun, scan for leftovers, and secure exposed accounts.
Lucide Proxy used 148 npm packages to turn student browser tabs into DDoS nodes. Check visits, service workers, site data, domains, and lockfiles.
Five malicious Jscrambler npm releases ran a cross-platform infostealer. Check versions, lockfiles, persistence, sessions, and exposed secrets.