Your Lead-Gen Popup Might Have a Backdoor: WordPress Plugin Backdoor Attack
TL;DR: In June 2026, attackers compromised the Content Delivery Network (CDN) behind OptinMonster, TrustPulse, and PushEngage and injected malicious code into files those plugins load automatically. These three WordPress lead-capture plugins are widely used and trusted. No update or download was needed to be exposed. Roughly 1.2 million sites were affected. The malware created…