A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation's inner workings: the hacking tools, the activity logs, and target lists naming more than 1.4 million websites.
Far fewer were actually broken into, but the exposed files showed researchers how a mass site-hacking operation runs from the inside.
The operation, now tracked as WP-SHELLSTORM, is what SOCRadar calls a webshell access brokerage: a crew that breaks into sites at scale, plants a hidden backdoor (a "webshell") on each, and packages that access for resale.
More Inofrmation:
https://thehackernews.com/2026/07/expos ... ls-wp.html
Published Date: Jul 10, 2026 (9 hours, 32 minutes ago)
Vulnerabilities has been mentioned in this article:
CVE-2026-55200 CVE-2026-48907 CVE-2026-46817 CVE-2026-6433 CVE-2026-3844 CVE-2026-0740 CVE-2026-3300 CVE-2026-1969 CVE-2025-12057 CVE-2025-7443 CVE-2025-7852 CVE-2020-36847 CVE-2025-34085 CVE-2021-29441 CVE-2020-25213
Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites
-
Starburst-David
- Posts: 178
- Joined: Wed Feb 11, 2026 8:31 pm