The Next Web

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
The Hacker News

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.
GitHub

MCP server for Unreal Engine that uses Unreal Python Remote Execution

This server does not require installing a new UE plugin as it uses the built-in Python remote execution protocol. Adding new tools/features is much faster to develop ...
GitHub

Carrier email-to-SMS gateways — study + runnable PoCs

A reference repo on legacy SMTP-to-SMS bridges run by US mobile carriers, how red teams abuse them for spear-phishing, and what defenders see on the other side. Every vector has: Each script prints a ...