A cybercrime group operating under the name WP-SHELLSTORM left a server open, revealing over 1.4 million targeted websites and operational details of their mass hacking approach. This exposure highlights significant vulnerabilities in outdated WordPress plugins, particularly affecting users of the Breeze caching plugin and Joomla's JCE editor.
A cybercrime crew, identified as WP-SHELLSTORM, accidentally exposed one of their servers for three weeks. This incident unveiled their hacking tools and logs, showing their operations against WordPress sites. Although the target list contained 1.4 million sites, they were not all successfully hacked.
The server, located at 137.175.93[.]126, was found by security teams due to its lack of basic password protection. Inside, approximately 800MB of files was publicly accessible, including webshells, exploit scripts, and command history. This careless leak was due to the operator running a Python web server for file transfers without securing it.
WP-SHELLSTORM utilized known vulnerabilities in outdated plugins to launch automated attacks against a large number of websites. Their primary target was the Breeze caching plugin, specifically exploiting CVE-2026-3844, which allowed them to backdoor more than 17,000 sites when certain conditions were met.
This incident serves as a critical reminder for website administrators to regularly update their plugins to mitigate risks from such mass hacking operations. The findings also underline the importance of monitoring and securing web servers to avoid similar exposures in the future.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
A cybercrime group operating under the name WP-SHELLSTORM left a server open, revealing over 1.4 million targeted websites and operational details of their mass hacking approach. This exposure highlights significant vulnerabilities in outdated WordPress plugins, particularly affecting users of the Breeze caching plugin and Joomla's JCE editor.